glupteba | f2c68fb3061fa96010a6833d2b2150ea42f58f813f0ec5326fa0e434077e249f | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-1703-x64

Sharing

Copy URL Twitter E-mail

General

Target

f2c68fb3061fa96010a6833d2b2150ea42f58f813f0ec5326fa0e434077e249f
Size

4.1MB
Sample

231212-bs432sdhb8
MD5

040f0680a2a414ed99a09bc391c41f36
SHA1

562c9ac8f8d838cc282557b4946330ad78f76900
SHA256

f2c68fb3061fa96010a6833d2b2150ea42f58f813f0ec5326fa0e434077e249f
SHA512

eac56c5d7fb8b7f514152c5a10efb18f837f7faf6d2a677adfed72a6206256dd0ee49172276a3f5dba54c8b56b943ae072665e767384a9772556fc8184a6ccac
SSDEEP

98304:gInKsIw/hSMdlduiFIlATMwslTxUIY59LIlHufMhKmQwP1:7nh/MMdlXTMJTx0+dhuw9

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit trojan

Static task

static1

Behavioral task

behavioral1

Sample

f2c68fb3061fa96010a6833d2b2150ea42f58f813f0ec5326fa0e434077e249f.exe

Resource

win10-20231129-en

glupteba discovery dropper evasion loader persistence rootkit trojan

windows10-1703-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  f2c68fb3061fa96010a6833d2b2150ea42f58f813f0ec5326fa0e434077e249f
- Size
  
  4.1MB
- MD5
  
  040f0680a2a414ed99a09bc391c41f36
- SHA1
  
  562c9ac8f8d838cc282557b4946330ad78f76900
- SHA256
  
  f2c68fb3061fa96010a6833d2b2150ea42f58f813f0ec5326fa0e434077e249f
- SHA512
  
  eac56c5d7fb8b7f514152c5a10efb18f837f7faf6d2a677adfed72a6206256dd0ee49172276a3f5dba54c8b56b943ae072665e767384a9772556fc8184a6ccac
- SSDEEP
  
  98304:gInKsIw/hSMdlduiFIlATMwslTxUIY59LIlHufMhKmQwP1:7nh/MMdlXTMJTx0+dhuw9
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Windows security bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkittrojan

© 2018-2025

Terms | Privacy