General
-
Target
7eed4997ee6c4849897eb209a77fd7e6_JaffaCakes118
-
Size
5.6MB
-
Sample
240529-arvybaaf8s
-
MD5
7eed4997ee6c4849897eb209a77fd7e6
-
SHA1
7782165d630383a1989d7bd490d867950427582c
-
SHA256
073a6467004030962b905321bf0ab10474e2dad822256dcf1f38e70a5ce3056f
-
SHA512
7cedd5073c28dd913a2a07ad49d2ea88716d25c40bdee1357eaad9c6bd884097198af0989e9d5c3ae38a3f4e834ae4a0ba3c6f2c4a69e0ba794213143e0c8ca6
-
SSDEEP
49152:9CPZG2y/zWox8ckgfCXZk2DKTUpLxfaA/nKMTOV9ejPjb6OUlMXhoG1Lob1b+QTh:Wyt3fCXZJKlA/ndXh51YcyDEe
Malware Config
Targets
-
-
Target
7eed4997ee6c4849897eb209a77fd7e6_JaffaCakes118
-
Size
5.6MB
-
MD5
7eed4997ee6c4849897eb209a77fd7e6
-
SHA1
7782165d630383a1989d7bd490d867950427582c
-
SHA256
073a6467004030962b905321bf0ab10474e2dad822256dcf1f38e70a5ce3056f
-
SHA512
7cedd5073c28dd913a2a07ad49d2ea88716d25c40bdee1357eaad9c6bd884097198af0989e9d5c3ae38a3f4e834ae4a0ba3c6f2c4a69e0ba794213143e0c8ca6
-
SSDEEP
49152:9CPZG2y/zWox8ckgfCXZk2DKTUpLxfaA/nKMTOV9ejPjb6OUlMXhoG1Lob1b+QTh:Wyt3fCXZJKlA/ndXh51YcyDEe
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Windows security bypass
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1