Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    5ea25aafa771a260d59d9790b00e0cc3cd6d81cca007d47af9e86e38f1ee14a9

  • Size

    4.2MB

  • Sample

    230806-zzd27scc96

  • MD5

    f6ac9c1b4bfd0cda17e10ed0a29e5a74

  • SHA1

    9e1a5be5f8110e738baab76134226b00ba2c5e66

  • SHA256

    5ea25aafa771a260d59d9790b00e0cc3cd6d81cca007d47af9e86e38f1ee14a9

  • SHA512

    1b5188bbcb59ff503a2cb92e5b86b790b479f2324149fa16445d99dd7f99d08f141292bf29f4c126b6691d47c97919c724a2629c8b5911c02d6e42ada9944d55

  • SSDEEP

    98304:Us9CerFc/aRPo1Q+VcHo7F2V60+NEg+zW5xEyMu:UiDcCRPoK1Howg0+5IidMu

Score
10/10
gluptebadropperevasionloaderpersistencerootkitupx

Malware Config

Targets

    • Target

      5ea25aafa771a260d59d9790b00e0cc3cd6d81cca007d47af9e86e38f1ee14a9

    • Size

      4.2MB

    • MD5

      f6ac9c1b4bfd0cda17e10ed0a29e5a74

    • SHA1

      9e1a5be5f8110e738baab76134226b00ba2c5e66

    • SHA256

      5ea25aafa771a260d59d9790b00e0cc3cd6d81cca007d47af9e86e38f1ee14a9

    • SHA512

      1b5188bbcb59ff503a2cb92e5b86b790b479f2324149fa16445d99dd7f99d08f141292bf29f4c126b6691d47c97919c724a2629c8b5911c02d6e42ada9944d55

    • SSDEEP

      98304:Us9CerFc/aRPo1Q+VcHo7F2V60+NEg+zW5xEyMu:UiDcCRPoK1Howg0+5IidMu

    Score
    10/10
    gluptebadropperevasionloaderpersistencerootkitupx

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

      loaderdropperglupteba

    • Glupteba payload

    • Modifies Windows Firewall

      evasion

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

      rootkitevasion

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks