General
Target
11f9a0cb3db7528b45c4eb165937c4df_JaffaCakes118
Size
4.9MB
Sample
240626-pr8lqsxekn
MD5
11f9a0cb3db7528b45c4eb165937c4df
SHA1
56a4f48f7f4577a89ca0646dd181010af9a77f3e
SHA256
2f55e634ded2ac5e13e244a1372b4c103b1438ea8cef243ea441c1c841ee1e62
SHA512
a0740702eba88d1febc81e79cb8533a947c10819551b63a83f4f704c92fc4b960183d86d765c09638c6f62089cda09a1a29e383d3fee07a5b31749ef1d1c70b0
SSDEEP
98304:RQLyuN8gZiG/hYEKIxbmQMd5qHj8S9sQ4RGSp9hYB7TWs7znQLU:SCgZi2bbKd5MjjAJe9o
Static task
static1
Behavioral task
behavioral1
Sample
11f9a0cb3db7528b45c4eb165937c4df_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
11f9a0cb3db7528b45c4eb165937c4df_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
Target
11f9a0cb3db7528b45c4eb165937c4df_JaffaCakes118
Glupteba payload
Modifies Windows Firewall
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)