glupteba | fdf43365fdcb09d24bdb9fee335d7ebb39bea91336b43cdcf3fbfc024d4b9e6e | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

fdf43365fdcb09d24bdb9fee335d7ebb39bea91336b43cdcf3fbfc024d4b9e6e
Size

4.2MB
Sample

230607-ppcfhsah7v
MD5

fd859f81db2fbab8845b283b6890ff3b
SHA1

edcb945e54bc50da83ebf8e16d53701cae2d4714
SHA256

fdf43365fdcb09d24bdb9fee335d7ebb39bea91336b43cdcf3fbfc024d4b9e6e
SHA512

c5882373fd9e63212f339d573f4c82154964f85ffdaf84f8b28490b3af38a6b4bd875d2df0b31cc27a21f736d061acf32df70dfaeee5236fa8e769c27fbb8251
SSDEEP

98304:3+ryqTX39hhVlc5LB/2OriIoNKDqzuQVp20mFybyM:3+fntQLB/2OfoNK2tm2

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx

Static task

static1

Behavioral task

behavioral1

Sample

fdf43365fdcb09d24bdb9fee335d7ebb39bea91336b43cdcf3fbfc024d4b9e6e.exe

Resource

win10v2004-20230220-en

glupteba discovery dropper evasion loader persistence rootkit upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  fdf43365fdcb09d24bdb9fee335d7ebb39bea91336b43cdcf3fbfc024d4b9e6e
- Size
  
  4.2MB
- MD5
  
  fd859f81db2fbab8845b283b6890ff3b
- SHA1
  
  edcb945e54bc50da83ebf8e16d53701cae2d4714
- SHA256
  
  fdf43365fdcb09d24bdb9fee335d7ebb39bea91336b43cdcf3fbfc024d4b9e6e
- SHA512
  
  c5882373fd9e63212f339d573f4c82154964f85ffdaf84f8b28490b3af38a6b4bd875d2df0b31cc27a21f736d061acf32df70dfaeee5236fa8e769c27fbb8251
- SSDEEP
  
  98304:3+ryqTX39hhVlc5LB/2OriIoNKDqzuQVp20mFybyM:3+fntQLB/2OfoNK2tm2
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkitupx

© 2018-2024

Terms | Privacy