Extracted

• • Target

    f67ac68040dcf6a7c499bbc0d149397d_JaffaCakes118

  • Size

    4.4MB

  • MD5

    f67ac68040dcf6a7c499bbc0d149397d

  • SHA1

    4e61f7ca82126d8aab52a1881965d1ed38f93769

  • SHA256

    7b8a8c6b1b0bf9d637c94f73d189f81398837eaa1d9cd431eeff6e7a398a32b4

  • SHA512

    4398c085593c7756257dd3eaf859b5e16a393280d2bd2601902c3e44453ad77748a32c95ee9c5ceaf998ebb4b23ab3a9d235351865d2ffe33387657102b61719

  • SSDEEP

    98304:/MnpKSZysIUJDO7lTEWp+E/zFCDzq4RMZXNxstXfuBGtbGERHpc8tac:kgOyxotW8MzFCyNef/EERHp3tac

  Score

  10^/10

  gluptebametasploitbackdoordropperevasionloaderransomwaretrojan

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba

  • Glupteba payload

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Modifies Windows Firewall

    evasion

  • Possible attempt to disable PatchGuard

    Rootkits can use kernel patching to embed themselves in an operating system.

    evasion
  behavioral1behavioral2