Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    877e99e2dd182e87b41fd4811e44354ccb32e5adb57726421fb204aa421ac5f2

  • Size

    4.1MB

  • Sample

    230922-p3kztagb2z

  • MD5

    76b9e7e7bd6ab3fc445116ffdc8643a0

  • SHA1

    fa000804ed7d49fa1708cb1fd988a06205e66493

  • SHA256

    877e99e2dd182e87b41fd4811e44354ccb32e5adb57726421fb204aa421ac5f2

  • SHA512

    58291220af4651035d0eaf7a32116d04affb3eff50c90555ea1d7e3599cd790640cc63cb614b1dabd8b4a76728a8757dabcd0afa1abdd5c455082eb9d2f17186

  • SSDEEP

    98304:/e6/ypJ7ydBaPBFZLNMUh+uhgFdXRjI8C4FMU1Vi/+x7vOO72zDPD8VupUZKJ5l:mBpHBNM+Bhg1jI8C4aYw/+hvn7mAWUZ8

Score
10/10
gluptebadropperevasionloaderpersistencetrojan

Malware Config

Targets

    • Target

      877e99e2dd182e87b41fd4811e44354ccb32e5adb57726421fb204aa421ac5f2

    • Size

      4.1MB

    • MD5

      76b9e7e7bd6ab3fc445116ffdc8643a0

    • SHA1

      fa000804ed7d49fa1708cb1fd988a06205e66493

    • SHA256

      877e99e2dd182e87b41fd4811e44354ccb32e5adb57726421fb204aa421ac5f2

    • SHA512

      58291220af4651035d0eaf7a32116d04affb3eff50c90555ea1d7e3599cd790640cc63cb614b1dabd8b4a76728a8757dabcd0afa1abdd5c455082eb9d2f17186

    • SSDEEP

      98304:/e6/ypJ7ydBaPBFZLNMUh+uhgFdXRjI8C4FMU1Vi/+x7vOO72zDPD8VupUZKJ5l:mBpHBNM+Bhg1jI8C4aYw/+hvn7mAWUZ8

    Score
    10/10
    gluptebadropperevasionloaderpersistencetrojan

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

      loaderdropperglupteba

    • Glupteba payload

    • Windows security bypass

      evasiontrojan

    • Modifies Windows Firewall

      evasion

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks