General
-
Target
f67ac68040dcf6a7c499bbc0d149397d_JaffaCakes118
-
Size
4.4MB
-
Sample
240417-xxtzjabd37
-
MD5
f67ac68040dcf6a7c499bbc0d149397d
-
SHA1
4e61f7ca82126d8aab52a1881965d1ed38f93769
-
SHA256
7b8a8c6b1b0bf9d637c94f73d189f81398837eaa1d9cd431eeff6e7a398a32b4
-
SHA512
4398c085593c7756257dd3eaf859b5e16a393280d2bd2601902c3e44453ad77748a32c95ee9c5ceaf998ebb4b23ab3a9d235351865d2ffe33387657102b61719
-
SSDEEP
98304:/MnpKSZysIUJDO7lTEWp+E/zFCDzq4RMZXNxstXfuBGtbGERHpc8tac:kgOyxotW8MzFCyNef/EERHp3tac
Malware Config
Extracted
metasploit
windows/single_exec
Targets
-
-
Target
f67ac68040dcf6a7c499bbc0d149397d_JaffaCakes118
-
Size
4.4MB
-
MD5
f67ac68040dcf6a7c499bbc0d149397d
-
SHA1
4e61f7ca82126d8aab52a1881965d1ed38f93769
-
SHA256
7b8a8c6b1b0bf9d637c94f73d189f81398837eaa1d9cd431eeff6e7a398a32b4
-
SHA512
4398c085593c7756257dd3eaf859b5e16a393280d2bd2601902c3e44453ad77748a32c95ee9c5ceaf998ebb4b23ab3a9d235351865d2ffe33387657102b61719
-
SSDEEP
98304:/MnpKSZysIUJDO7lTEWp+E/zFCDzq4RMZXNxstXfuBGtbGERHpc8tac:kgOyxotW8MzFCyNef/EERHp3tac
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Modifies boot configuration data using bcdedit
-
Modifies Windows Firewall
-
Possible attempt to disable PatchGuard
Rootkits can use kernel patching to embed themselves in an operating system.
-