glupteba | 50cb7d9709e12a2d1999c18c5d23739cab01ecfcd5863cd4b3c6a7c023c8a261 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-1703-x64

Sharing

Copy URL Twitter E-mail

General

Target

50cb7d9709e12a2d1999c18c5d23739cab01ecfcd5863cd4b3c6a7c023c8a261
Size

4.1MB
Sample

231113-msjb5acb5v
MD5

e648ac440f9231b895c5831335602041
SHA1

6e8e73bd8d17b56cb907539d319492f7f8cfe313
SHA256

50cb7d9709e12a2d1999c18c5d23739cab01ecfcd5863cd4b3c6a7c023c8a261
SHA512

e29d24766fe4ca4259c5c76b43f13ec8119d0edf1899cb3ca994cd47ba96c6af6241974e80373a8277b63c3d5331f7aee8f3e3f40efac144f6aa6e3c32d434fb
SSDEEP

98304:l2ZIGA1T7oyz00rMTuY9Tg4EWKl5r1M2TRZU2:l2ZIdTcy5Y9k4fO5M29

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

50cb7d9709e12a2d1999c18c5d23739cab01ecfcd5863cd4b3c6a7c023c8a261.exe

Resource

win10-20231020-en

glupteba discovery dropper evasion loader persistence rootkit trojan upx

windows10-1703-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  50cb7d9709e12a2d1999c18c5d23739cab01ecfcd5863cd4b3c6a7c023c8a261
- Size
  
  4.1MB
- MD5
  
  e648ac440f9231b895c5831335602041
- SHA1
  
  6e8e73bd8d17b56cb907539d319492f7f8cfe313
- SHA256
  
  50cb7d9709e12a2d1999c18c5d23739cab01ecfcd5863cd4b3c6a7c023c8a261
- SHA512
  
  e29d24766fe4ca4259c5c76b43f13ec8119d0edf1899cb3ca994cd47ba96c6af6241974e80373a8277b63c3d5331f7aee8f3e3f40efac144f6aa6e3c32d434fb
- SSDEEP
  
  98304:l2ZIGA1T7oyz00rMTuY9Tg4EWKl5r1M2TRZU2:l2ZIdTcy5Y9k4fO5M29
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit trojan upx
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Windows security bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkittrojanupx

© 2018-2025

Terms | Privacy