glupteba | 0046c9296b5f7e5a908a3d7304fff977187c02f4d85a9bf772ee3303a7794792 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-1703-x64

Sharing

General

Target

0046c9296b5f7e5a908a3d7304fff977187c02f4d85a9bf772ee3303a7794792
Size

4.1MB
Sample

231013-qcqytabh47
MD5

d244fb085676161505d33e4ea7fada5a
SHA1

f70916e054317334ce967986245d55d5acbca688
SHA256

0046c9296b5f7e5a908a3d7304fff977187c02f4d85a9bf772ee3303a7794792
SHA512

e75cff3fe66b593c3f063ebf014ef32f71d2288642133f2683fe7b3a06e532e88d92cb226d1cca725180eaf1edb523529f80d3f2baad1c931228e0400bbfd394
SSDEEP

98304:3lhp/+MAY8LSBetbsJnYPJay0ram2uVyHV/vsKO4IVa8TY/jpHwrK:3lT/+M2+BeVsJYPms9vsd3Va8M/jpv

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit trojan

Static task

static1

Behavioral task

behavioral1

Sample

0046c9296b5f7e5a908a3d7304fff977187c02f4d85a9bf772ee3303a7794792.exe

Resource

win10-20230915-en

glupteba discovery dropper evasion loader persistence rootkit trojan

windows10-1703-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  0046c9296b5f7e5a908a3d7304fff977187c02f4d85a9bf772ee3303a7794792
- Size
  
  4.1MB
- MD5
  
  d244fb085676161505d33e4ea7fada5a
- SHA1
  
  f70916e054317334ce967986245d55d5acbca688
- SHA256
  
  0046c9296b5f7e5a908a3d7304fff977187c02f4d85a9bf772ee3303a7794792
- SHA512
  
  e75cff3fe66b593c3f063ebf014ef32f71d2288642133f2683fe7b3a06e532e88d92cb226d1cca725180eaf1edb523529f80d3f2baad1c931228e0400bbfd394
- SSDEEP
  
  98304:3lhp/+MAY8LSBetbsJnYPJay0ram2uVyHV/vsKO4IVa8TY/jpHwrK:3lT/+M2+BeVsJYPms9vsd3Va8M/jpv
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Windows security bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkittrojan

© 2018-2024

Terms | Privacy