glupteba | f93570e38218ed19f5bb11f232309d26fe71fd0b2b108aa1e273cacec9c68dd8 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

f93570e38218ed19f5bb11f232309d26fe71fd0b2b108aa1e273cacec9c68dd8
Size

4.2MB
Sample

230607-pzrcesaf36
MD5

15851aef64e9d9a2dd03b5da99e1f943
SHA1

a07155e27a95f4534a09bda15d8187f26e27c97e
SHA256

f93570e38218ed19f5bb11f232309d26fe71fd0b2b108aa1e273cacec9c68dd8
SHA512

4442e5e0e3dc2bf6b4d3010213c914229274dc019c47569767ebe1df02c10d7ddb2a88440d3c199324750bc47ad4fd7e81fde6b506fa023c1de2c6e44c79fb07
SSDEEP

98304:75utYctoVARBg2MaaK1g5FJFgQb/OdplY5OuY4di3MrYj:742GQAvSM1iXFgQUplwOP4IMrYj

Score

10^/10

glupteba discovery dropper evasion loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

f93570e38218ed19f5bb11f232309d26fe71fd0b2b108aa1e273cacec9c68dd8.exe

Resource

win10v2004-20230220-en

glupteba discovery dropper evasion loader persistence

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  f93570e38218ed19f5bb11f232309d26fe71fd0b2b108aa1e273cacec9c68dd8
- Size
  
  4.2MB
- MD5
  
  15851aef64e9d9a2dd03b5da99e1f943
- SHA1
  
  a07155e27a95f4534a09bda15d8187f26e27c97e
- SHA256
  
  f93570e38218ed19f5bb11f232309d26fe71fd0b2b108aa1e273cacec9c68dd8
- SHA512
  
  4442e5e0e3dc2bf6b4d3010213c914229274dc019c47569767ebe1df02c10d7ddb2a88440d3c199324750bc47ad4fd7e81fde6b506fa023c1de2c6e44c79fb07
- SSDEEP
  
  98304:75utYctoVARBg2MaaK1g5FJFgQb/OdplY5OuY4di3MrYj:742GQAvSM1iXFgQUplwOP4IMrYj
Score

10^/10

glupteba discovery dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistence

© 2018-2024

Terms | Privacy