glupteba | 7e84701cffdcf15cd6b2d84229ea5385f411e65d6e76792009c8b3483d0e0a95 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

dridex

windows10-1703-x64

Sharing

General

Target

7e84701cffdcf15cd6b2d84229ea5385f411e65d6e76792009c8b3483d0e0a95
Size

4.2MB
Sample

231212-jwamlshdck
MD5

fa2d1fdbac883808e45a30cce7fd9cdb
SHA1

0e20074b9748804d726a4b1e4d06ba8741f5dbe8
SHA256

7e84701cffdcf15cd6b2d84229ea5385f411e65d6e76792009c8b3483d0e0a95
SHA512

82fe3d721e3f21c15b46a56d539d846c6b46312b0c7a6c824035a78ff0b4797009dd67787c005f91092b6529980cab8833ec869cb2c3a780df7d9952c0a26d25
SSDEEP

98304:P+HPz90i0r5NhFDQ6Nzo46jjSHRUaZfFWAU:PA9ohpToqHRl9zU

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit trojan

Static task

static1

Behavioral task

behavioral1

Sample

7e84701cffdcf15cd6b2d84229ea5385f411e65d6e76792009c8b3483d0e0a95.exe

Resource

win10-20231129-en

glupteba discovery dropper evasion loader persistence rootkit trojan

windows10-1703-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  7e84701cffdcf15cd6b2d84229ea5385f411e65d6e76792009c8b3483d0e0a95
- Size
  
  4.2MB
- MD5
  
  fa2d1fdbac883808e45a30cce7fd9cdb
- SHA1
  
  0e20074b9748804d726a4b1e4d06ba8741f5dbe8
- SHA256
  
  7e84701cffdcf15cd6b2d84229ea5385f411e65d6e76792009c8b3483d0e0a95
- SHA512
  
  82fe3d721e3f21c15b46a56d539d846c6b46312b0c7a6c824035a78ff0b4797009dd67787c005f91092b6529980cab8833ec869cb2c3a780df7d9952c0a26d25
- SSDEEP
  
  98304:P+HPz90i0r5NhFDQ6Nzo46jjSHRUaZfFWAU:PA9ohpToqHRl9zU
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Windows security bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkittrojan

© 2018-2025

Terms | Privacy