glupteba | be33ed4f9d804207cde82fe2402766243c4739a2c4d9319cf4781858eca82e07 | Triage

Submit
Reports

Overview

overview

Static

static

1

f50d7e5eb8...18.exe

windows7-x64

f50d7e5eb8...18.exe

windows10-2004-x64

Sharing

General

Target

f50d7e5eb828c1b64b674b1decf32416_JaffaCakes118
Size

4.4MB
Sample

240417-e9c8fafd91
MD5

f50d7e5eb828c1b64b674b1decf32416
SHA1

1d2dfe56e6693572cebc72ce617a03070798c7a3
SHA256

be33ed4f9d804207cde82fe2402766243c4739a2c4d9319cf4781858eca82e07
SHA512

269bae52d7877fa4a138cb3106402a5d7cff2132e8448b559c40ee1515ff88b548ea37a22e59da29c790f20a22e64fa22993d35a6788b85507808cd8c7653eab
SSDEEP

98304:iQRi8rzyu4absB48jEzr5ufxD7k4eArxz3JAq6B:iQRiiKabU4YEzFux04fxWlB

Score

10^/10

glupteba metasploit backdoor dropper evasion loader trojan

Static task

static1

Behavioral task

behavioral1

Sample

f50d7e5eb828c1b64b674b1decf32416_JaffaCakes118.exe

Resource

win7-20240221-en

glupteba metasploit backdoor dropper evasion loader trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

f50d7e5eb828c1b64b674b1decf32416_JaffaCakes118.exe

Resource

win10v2004-20240226-en

glupteba metasploit backdoor dropper evasion loader trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

windows/single_exec

Targets

- Target
  
  f50d7e5eb828c1b64b674b1decf32416_JaffaCakes118
- Size
  
  4.4MB
- MD5
  
  f50d7e5eb828c1b64b674b1decf32416
- SHA1
  
  1d2dfe56e6693572cebc72ce617a03070798c7a3
- SHA256
  
  be33ed4f9d804207cde82fe2402766243c4739a2c4d9319cf4781858eca82e07
- SHA512
  
  269bae52d7877fa4a138cb3106402a5d7cff2132e8448b559c40ee1515ff88b548ea37a22e59da29c790f20a22e64fa22993d35a6788b85507808cd8c7653eab
- SSDEEP
  
  98304:iQRi8rzyu4absB48jEzr5ufxD7k4eArxz3JAq6B:iQRiiKabU4YEzFux04fxWlB
Score

10^/10

glupteba metasploit backdoor dropper evasion loader trojan
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Modifies Windows Firewall
  evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gluptebametasploitbackdoordropperevasionloadertrojan

behavioral2

gluptebametasploitbackdoordropperevasionloadertrojan

© 2018-2024

Terms | Privacy