Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    cc83f93dbbec6cbb0ba33c1c54ccb6ecfbc63ae5545a36119d2337fa378f453f

  • Size

    4.1MB

  • Sample

    230819-tyez8abe34

  • MD5

    ede2528d9cd8ed720f969348464947ff

  • SHA1

    72cb46c9b9ab5857b37948c185b643c2d439a780

  • SHA256

    cc83f93dbbec6cbb0ba33c1c54ccb6ecfbc63ae5545a36119d2337fa378f453f

  • SHA512

    0640ba512535a59bce4c4c7d84182ea261e823bab5f80bf6611e77f36daefe6cc2b376487a3521e3d6ab97074214d9659a9b2c52e3dd106aecaeeb3d2e5fcaf9

  • SSDEEP

    98304:w5QmU/y+dQSrELBkQMih98JhqpFgMbWc7i04FR1X3fDkfdP:cmvEL3h9GqpSMbWc2PrXrM

Score
10/10
gluptebadropperevasionloaderpersistencerootkittrojanupx

Malware Config

Targets

    • Target

      cc83f93dbbec6cbb0ba33c1c54ccb6ecfbc63ae5545a36119d2337fa378f453f

    • Size

      4.1MB

    • MD5

      ede2528d9cd8ed720f969348464947ff

    • SHA1

      72cb46c9b9ab5857b37948c185b643c2d439a780

    • SHA256

      cc83f93dbbec6cbb0ba33c1c54ccb6ecfbc63ae5545a36119d2337fa378f453f

    • SHA512

      0640ba512535a59bce4c4c7d84182ea261e823bab5f80bf6611e77f36daefe6cc2b376487a3521e3d6ab97074214d9659a9b2c52e3dd106aecaeeb3d2e5fcaf9

    • SSDEEP

      98304:w5QmU/y+dQSrELBkQMih98JhqpFgMbWc7i04FR1X3fDkfdP:cmvEL3h9GqpSMbWc2PrXrM

    Score
    10/10
    gluptebadropperevasionloaderpersistencerootkittrojanupx

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

      loaderdropperglupteba

    • Glupteba payload

    • Windows security bypass

      evasiontrojan

    • Modifies Windows Firewall

      evasion

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

      rootkitevasion

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks