glupteba | b11bd9bbf08d606e8e3572348444430580a6b9019ff583e4a59f2632be5251ff | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

b11bd9bbf08d606e8e3572348444430580a6b9019ff583e4a59f2632be5251ff
Size

4.2MB
Sample

230608-teb48ahd3w
MD5

ae1673a2c7ad90cc525e560752cad925
SHA1

44ab2dca444aa4bd13de68fe7954b31be21a5016
SHA256

b11bd9bbf08d606e8e3572348444430580a6b9019ff583e4a59f2632be5251ff
SHA512

ff514c1376083a641c9e8b91fbd4f4dd7adfff597205f116473e52f8c70bd2e0b8e65e718bdcb71753d957baa8abe5c61369cfd9d726db9c0d40eb265fa29506
SSDEEP

98304:CDcEtUUijxIxK72LbKEdY4LtLHxmL1FX1kFiy/Et2gt:CgyUUil/7dEOG83k4iEtdt

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx

Static task

static1

Behavioral task

behavioral1

Sample

b11bd9bbf08d606e8e3572348444430580a6b9019ff583e4a59f2632be5251ff.exe

Resource

win10v2004-20230221-en

glupteba discovery dropper evasion loader persistence rootkit upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  b11bd9bbf08d606e8e3572348444430580a6b9019ff583e4a59f2632be5251ff
- Size
  
  4.2MB
- MD5
  
  ae1673a2c7ad90cc525e560752cad925
- SHA1
  
  44ab2dca444aa4bd13de68fe7954b31be21a5016
- SHA256
  
  b11bd9bbf08d606e8e3572348444430580a6b9019ff583e4a59f2632be5251ff
- SHA512
  
  ff514c1376083a641c9e8b91fbd4f4dd7adfff597205f116473e52f8c70bd2e0b8e65e718bdcb71753d957baa8abe5c61369cfd9d726db9c0d40eb265fa29506
- SSDEEP
  
  98304:CDcEtUUijxIxK72LbKEdY4LtLHxmL1FX1kFiy/Et2gt:CgyUUil/7dEOG83k4iEtdt
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkitupx

© 2018-2024

Terms | Privacy