glupteba | 88d0901d72e3451441d9a860d5ca9d08483de1b09c6c5413df71183d3140da0a | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-1703-x64

Sharing

Copy URL Twitter E-mail

General

Target

88d0901d72e3451441d9a860d5ca9d08483de1b09c6c5413df71183d3140da0a
Size

4.1MB
Sample

230821-fdl15sah39
MD5

5514d672152e97f8965672a84f90372d
SHA1

9083c85197bd1b6e991a706157c6fb19f7d7cabb
SHA256

88d0901d72e3451441d9a860d5ca9d08483de1b09c6c5413df71183d3140da0a
SHA512

8df0945e0cc508777403c6c5f0984f8b17a7ee61b5390f6b8578ad87792a29dd163335e950c3afc3f41e97d566d2dc83b17be2f1a7cb00d7c089d41feff626a2
SSDEEP

98304:4TR9INs6pRZWO0qo4+0GHtjvimPAEIfyE8I3iu+KG8d9SZbUh:aH6oNL4uNGmMbH3iHud8A

Score

10^/10

glupteba dropper evasion loader persistence rootkit trojan

Static task

static1

Behavioral task

behavioral1

Sample

88d0901d72e3451441d9a860d5ca9d08483de1b09c6c5413df71183d3140da0a.exe

Resource

win10-20230703-en

glupteba dropper evasion loader persistence rootkit trojan

windows10-1703-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  88d0901d72e3451441d9a860d5ca9d08483de1b09c6c5413df71183d3140da0a
- Size
  
  4.1MB
- MD5
  
  5514d672152e97f8965672a84f90372d
- SHA1
  
  9083c85197bd1b6e991a706157c6fb19f7d7cabb
- SHA256
  
  88d0901d72e3451441d9a860d5ca9d08483de1b09c6c5413df71183d3140da0a
- SHA512
  
  8df0945e0cc508777403c6c5f0984f8b17a7ee61b5390f6b8578ad87792a29dd163335e950c3afc3f41e97d566d2dc83b17be2f1a7cb00d7c089d41feff626a2
- SSDEEP
  
  98304:4TR9INs6pRZWO0qo4+0GHtjvimPAEIfyE8I3iu+KG8d9SZbUh:aH6oNL4uNGmMbH3iHud8A
Score

10^/10

glupteba dropper evasion loader persistence rootkit trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Windows security bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadropperevasionloaderpersistencerootkittrojan

© 2018-2025

Terms | Privacy