glupteba | ff5ee231fb67ce4c4043b36e10ec310933986b4fe2961317823fb8ef443d2317 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-1703-x64

Sharing

Copy URL Twitter E-mail

General

Target

ff5ee231fb67ce4c4043b36e10ec310933986b4fe2961317823fb8ef443d2317
Size

4.1MB
Sample

231212-mjs5zabdbk
MD5

03f4726aa5a974eeff24e35538b2a503
SHA1

c933221f2eeb2266b4aede2c002449d51665eb7b
SHA256

ff5ee231fb67ce4c4043b36e10ec310933986b4fe2961317823fb8ef443d2317
SHA512

213b61d876ee16b16bc6551005af2231e652b6d9ff9cc1ccafaf495c5f17d05e03a177f03c283291bd51b46104ff29a665b85df898d915e6313be3298fd89360
SSDEEP

98304:fH4Y1uWBONoMrd7a2JPa5KsZzhtTpXf3/8m0Z+EtBz7MIVm3:v3rBONoYpJ9sZzhTf6xB3E

Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit trojan

Static task

static1

Behavioral task

behavioral1

Sample

ff5ee231fb67ce4c4043b36e10ec310933986b4fe2961317823fb8ef443d2317.exe

Resource

win10-20231129-en

glupteba discovery dropper evasion loader persistence rootkit trojan

windows10-1703-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  ff5ee231fb67ce4c4043b36e10ec310933986b4fe2961317823fb8ef443d2317
- Size
  
  4.1MB
- MD5
  
  03f4726aa5a974eeff24e35538b2a503
- SHA1
  
  c933221f2eeb2266b4aede2c002449d51665eb7b
- SHA256
  
  ff5ee231fb67ce4c4043b36e10ec310933986b4fe2961317823fb8ef443d2317
- SHA512
  
  213b61d876ee16b16bc6551005af2231e652b6d9ff9cc1ccafaf495c5f17d05e03a177f03c283291bd51b46104ff29a665b85df898d915e6313be3298fd89360
- SSDEEP
  
  98304:fH4Y1uWBONoMrd7a2JPa5KsZzhtTpXf3/8m0Z+EtBz7MIVm3:v3rBONoYpJ9sZzhTf6xB3E
Score

10^/10

glupteba discovery dropper evasion loader persistence rootkit trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- Windows security bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Manipulates WinMonFS driver.
  Roottkits write to WinMonFS to hide directories/files from being detected.
  rootkit evasion
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gluptebadiscoverydropperevasionloaderpersistencerootkittrojan

© 2018-2025

Terms | Privacy