glupteba | 72e8b74f1042f204a0dee743a14c3d18f5b35aed37ee4d0d5d2e19ca35b4ec55 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-1703-x64

Sharing

Copy URL Twitter E-mail

General

Target

72e8b74f1042f204a0dee743a14c3d18f5b35aed37ee4d0d5d2e19ca35b4ec55
Size

4.1MB
Sample

231013-slw8ascg83
MD5

986ad52a00f708c7dad5119f37e68a74
SHA1

3cc44426ac96c1bc8bec23d592f312bb19b32179
SHA256

72e8b74f1042f204a0dee743a14c3d18f5b35aed37ee4d0d5d2e19ca35b4ec55
SHA512

e163c3825b3ce42350927d86ffd4c3584f4b1de3a97593fd682bccd0f1e10141426e80bf0e4932afd9fc07a45bb8054e3880877c54b61acb520ce9ad5aeadbe3
SSDEEP

98304:GfCcvJsi+WPKy/YJdqu91/oBtT4Oxvag9d3FmYx7inZGPjN:GqcOi+WZ7SctBi8VFFx7GGbN

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

72e8b74f1042f204a0dee743a14c3d18f5b35aed37ee4d0d5d2e19ca35b4ec55.exe

Resource

win10-20230915-en

glupteba discovery dropper evasion loader persistence rootkit trojan upx

windows10-1703-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  72e8b74f1042f204a0dee743a14c3d18f5b35aed37ee4d0d5d2e19ca35b4ec55
- Size
  
  4.1MB
- MD5
  
  986ad52a00f708c7dad5119f37e68a74
- SHA1
  
  3cc44426ac96c1bc8bec23d592f312bb19b32179
- SHA256
  
  72e8b74f1042f204a0dee743a14c3d18f5b35aed37ee4d0d5d2e19ca35b4ec55
- SHA512
  
  e163c3825b3ce42350927d86ffd4c3584f4b1de3a97593fd682bccd0f1e10141426e80bf0e4932afd9fc07a45bb8054e3880877c54b61acb520ce9ad5aeadbe3
- SSDEEP
  
  98304:GfCcvJsi+WPKy/YJdqu91/oBtT4Oxvag9d3FmYx7inZGPjN:GqcOi+WZ7SctBi8VFFx7GGbN
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit trojan upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Windows security bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkittrojanupx

© 2018-2025

Terms | Privacy