glupteba | ecdf7b64c77d168ff6fa6bcc681909f0dfa8bc5f05071a46b1802bfc227a9c4e | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

ecdf7b64c77d168ff6fa6bcc681909f0dfa8bc5f05071a46b1802bfc227a9c4e
Size

4.1MB
Sample

231011-s4k8ragd8w
MD5

9dd48f5e9011f5a0e1e09d2aeb51ddfd
SHA1

788325b2bbefd95a9fcd982f47efe0cac9266f74
SHA256

ecdf7b64c77d168ff6fa6bcc681909f0dfa8bc5f05071a46b1802bfc227a9c4e
SHA512

4681ec0c91a5876acb7b7210ea293d757aa606ffa7bee35a7475b2ac9735058d656f02dee442dfc77e1c692392356ac8f7ff7bd3cfd809faf5c8c3c38e1b80fc
SSDEEP

98304:rbZwNMOyYTaUs7+TVUsw2NKTL6Pa2dsUNG4:R6zyxMU72NaLerk4

Score

10^/10

glupteba dropper evasion loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

ecdf7b64c77d168ff6fa6bcc681909f0dfa8bc5f05071a46b1802bfc227a9c4e.exe

Resource

win10v2004-20230915-en

glupteba dropper evasion loader persistence

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  ecdf7b64c77d168ff6fa6bcc681909f0dfa8bc5f05071a46b1802bfc227a9c4e
- Size
  
  4.1MB
- MD5
  
  9dd48f5e9011f5a0e1e09d2aeb51ddfd
- SHA1
  
  788325b2bbefd95a9fcd982f47efe0cac9266f74
- SHA256
  
  ecdf7b64c77d168ff6fa6bcc681909f0dfa8bc5f05071a46b1802bfc227a9c4e
- SHA512
  
  4681ec0c91a5876acb7b7210ea293d757aa606ffa7bee35a7475b2ac9735058d656f02dee442dfc77e1c692392356ac8f7ff7bd3cfd809faf5c8c3c38e1b80fc
- SSDEEP
  
  98304:rbZwNMOyYTaUs7+TVUsw2NKTL6Pa2dsUNG4:R6zyxMU72NaLerk4
Score

10^/10

glupteba dropper evasion loader persistence
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadropperevasionloaderpersistence

© 2018-2025

Terms | Privacy