Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    56b81f12f53838eee44128ca610293aeb122cb704955fe2838e2086e189c0d83

  • Size

    4.2MB

  • Sample

    230919-yexs5sbf8s

  • MD5

    c741747dea9e0e6d2b104671ee09ea02

  • SHA1

    4c33e5f8d9098ad05c5908edb28f6fccf25bc869

  • SHA256

    56b81f12f53838eee44128ca610293aeb122cb704955fe2838e2086e189c0d83

  • SHA512

    12fe08dffa0ab32e3ceec7a005fc4b001698ad603f03993f3f818b7806f762abf251a4d1f2d11e1870a82c40ca896d4a212c772a31921bdb26cbedc4430a77b0

  • SSDEEP

    98304:BJAkghmhpoy5o81xo4zyDyOPiFv60/Tbbdq3wGCGtH5JXIT8FKz:tghSdKOxZJ+Xwk3DC8HnXIQ0

Score
10/10
gluptebadiscoverydropperevasionloaderpersistencerootkittrojanupx

Malware Config

Targets

    • Target

      56b81f12f53838eee44128ca610293aeb122cb704955fe2838e2086e189c0d83

    • Size

      4.2MB

    • MD5

      c741747dea9e0e6d2b104671ee09ea02

    • SHA1

      4c33e5f8d9098ad05c5908edb28f6fccf25bc869

    • SHA256

      56b81f12f53838eee44128ca610293aeb122cb704955fe2838e2086e189c0d83

    • SHA512

      12fe08dffa0ab32e3ceec7a005fc4b001698ad603f03993f3f818b7806f762abf251a4d1f2d11e1870a82c40ca896d4a212c772a31921bdb26cbedc4430a77b0

    • SSDEEP

      98304:BJAkghmhpoy5o81xo4zyDyOPiFv60/Tbbdq3wGCGtH5JXIT8FKz:tghSdKOxZJ+Xwk3DC8HnXIQ0

    Score
    10/10
    gluptebadiscoverydropperevasionloaderpersistencerootkittrojanupx

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

      loaderdropperglupteba

    • Glupteba payload

    • Windows security bypass

      evasiontrojan

    • Modifies Windows Firewall

      evasion

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

      rootkitevasion

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks