glupteba | c2b7db646e27fa62cda93f6cd6ca4bdc9ab90a6ddd31936b6c789191be9240bc | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

c2b7db646e27fa62cda93f6cd6ca4bdc9ab90a6ddd31936b6c789191be9240bc
Size

4.2MB
Sample

230608-k8psqsde76
MD5

69a25ad6937561fab58fffa64cb1f060
SHA1

896122cfa2990ede35e101f102e6bcc4af7209cb
SHA256

c2b7db646e27fa62cda93f6cd6ca4bdc9ab90a6ddd31936b6c789191be9240bc
SHA512

04bd972c8d1caa2daabdf9f95bbb684c4ccfb82d1b2db0951f47db327e8d9288ceb5cc3f530878aef1ffdd0e91619664b3077178b7184153f59173fe64d6b788
SSDEEP

98304:4665c4JG+W/h83fz+KjxdfuAXgrXpt7huI665dX5yd9S:4jc4JcKDjWj3hRW9S

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx

Static task

static1

Behavioral task

behavioral1

Sample

c2b7db646e27fa62cda93f6cd6ca4bdc9ab90a6ddd31936b6c789191be9240bc.exe

Resource

win10v2004-20230220-en

glupteba discovery dropper evasion loader persistence rootkit upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  c2b7db646e27fa62cda93f6cd6ca4bdc9ab90a6ddd31936b6c789191be9240bc
- Size
  
  4.2MB
- MD5
  
  69a25ad6937561fab58fffa64cb1f060
- SHA1
  
  896122cfa2990ede35e101f102e6bcc4af7209cb
- SHA256
  
  c2b7db646e27fa62cda93f6cd6ca4bdc9ab90a6ddd31936b6c789191be9240bc
- SHA512
  
  04bd972c8d1caa2daabdf9f95bbb684c4ccfb82d1b2db0951f47db327e8d9288ceb5cc3f530878aef1ffdd0e91619664b3077178b7184153f59173fe64d6b788
- SSDEEP
  
  98304:4665c4JG+W/h83fz+KjxdfuAXgrXpt7huI665dX5yd9S:4jc4JcKDjWj3hRW9S
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkitupx

© 2018-2024

Terms | Privacy