General
-
Target
30748fa10d6f01380a90b88343646962_JaffaCakes118
-
Size
6.5MB
-
Sample
240709-p5hx8swgjf
-
MD5
30748fa10d6f01380a90b88343646962
-
SHA1
c8a2065d45b74bd1c86f1c0351cc5f4c83031049
-
SHA256
213e034663582b13fa9cb31775dd5ab796bc3742721ec22e9dc313ec107ab246
-
SHA512
c877565d74bdc0c8643c25949f86876074c23cb734f18b013efc51d37752b0df94b98cc35308bdf7245dad221542ca4ee9f1741c4746fad6bde19814689c74f1
-
SSDEEP
196608:MMNQDbG/a0gE8wUU1ZnhBKP1x5m9xGv1Wuo/3D:LZZ5oLEz1/T
Malware Config
Targets
-
-
Target
30748fa10d6f01380a90b88343646962_JaffaCakes118
-
Size
6.5MB
-
MD5
30748fa10d6f01380a90b88343646962
-
SHA1
c8a2065d45b74bd1c86f1c0351cc5f4c83031049
-
SHA256
213e034663582b13fa9cb31775dd5ab796bc3742721ec22e9dc313ec107ab246
-
SHA512
c877565d74bdc0c8643c25949f86876074c23cb734f18b013efc51d37752b0df94b98cc35308bdf7245dad221542ca4ee9f1741c4746fad6bde19814689c74f1
-
SSDEEP
196608:MMNQDbG/a0gE8wUU1ZnhBKP1x5m9xGv1Wuo/3D:LZZ5oLEz1/T
Score10/10-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba payload
-
Windows security bypass
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1