Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a578833774427cb009b5e75790e53f0a8cdf31873a19e7cdf5746cf80d7bda37

  • Size

    4.1MB

  • Sample

    230815-rbygyaba92

  • MD5

    504f003894084bca385430199598f7ea

  • SHA1

    c6731da4429040492c95c89d5f2648d92340a426

  • SHA256

    a578833774427cb009b5e75790e53f0a8cdf31873a19e7cdf5746cf80d7bda37

  • SHA512

    e727f1949f7d748dbf577dc4ad4e0605166ddc9a54950390622e3db60117b200c7df531bee5eafb733ce08709f3af05b6eaaace4e09f14936349e81c21f15c91

  • SSDEEP

    98304:Qf4gWXUyj0VMcjrgIRVcdV3jrKxv0W7RpVRSYiKURM6eLBTfk4:I8mVPrgID6xjr+0W7RLRSYiPReBfj

Score
10/10
gluptebadropperevasionloaderpersistencerootkitupx

Malware Config

Targets

    • Target

      a578833774427cb009b5e75790e53f0a8cdf31873a19e7cdf5746cf80d7bda37

    • Size

      4.1MB

    • MD5

      504f003894084bca385430199598f7ea

    • SHA1

      c6731da4429040492c95c89d5f2648d92340a426

    • SHA256

      a578833774427cb009b5e75790e53f0a8cdf31873a19e7cdf5746cf80d7bda37

    • SHA512

      e727f1949f7d748dbf577dc4ad4e0605166ddc9a54950390622e3db60117b200c7df531bee5eafb733ce08709f3af05b6eaaace4e09f14936349e81c21f15c91

    • SSDEEP

      98304:Qf4gWXUyj0VMcjrgIRVcdV3jrKxv0W7RpVRSYiKURM6eLBTfk4:I8mVPrgID6xjr+0W7RLRSYiPReBfj

    Score
    10/10
    gluptebadropperevasionloaderpersistencerootkitupx

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

      loaderdropperglupteba

    • Glupteba payload

    • Modifies Windows Firewall

      evasion

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

      rootkitevasion

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks