General
-
Target
468dcdb06c6733d0048a75360d52e1a4_JaffaCakes118
-
Size
3.8MB
-
Sample
240515-rgqdhsch71
-
MD5
468dcdb06c6733d0048a75360d52e1a4
-
SHA1
eb1ad2cb3ddb7ac6560cf30cc7c286bd31989b1d
-
SHA256
803f140bd2b1a74fe2334a0f68337fbd85adc6074dff8fc6bea58b6f2a5ab457
-
SHA512
b78b6e303b4264727e157e559fcb947c7016087e453d4449001a5378297fc6306cec59aabec418f4a08e32101d7e74eca689a8801de451dbb76c5e696f4b0909
-
SSDEEP
49152:ARuPPnhH53LFZLGbPG/mvDI7ZpZGyip8QCW3c7DfjqcPm93gBmXjKozboyujkXOa:AebSqmvkd6y/WcHjlm93kKKglWVJM
Malware Config
Targets
-
-
Target
468dcdb06c6733d0048a75360d52e1a4_JaffaCakes118
-
Size
3.8MB
-
MD5
468dcdb06c6733d0048a75360d52e1a4
-
SHA1
eb1ad2cb3ddb7ac6560cf30cc7c286bd31989b1d
-
SHA256
803f140bd2b1a74fe2334a0f68337fbd85adc6074dff8fc6bea58b6f2a5ab457
-
SHA512
b78b6e303b4264727e157e559fcb947c7016087e453d4449001a5378297fc6306cec59aabec418f4a08e32101d7e74eca689a8801de451dbb76c5e696f4b0909
-
SSDEEP
49152:ARuPPnhH53LFZLGbPG/mvDI7ZpZGyip8QCW3c7DfjqcPm93gBmXjKozboyujkXOa:AebSqmvkd6y/WcHjlm93kKKglWVJM
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Windows security bypass
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1