General
Target: 5db4cf73b0d9ae96ae84b11d328bd72d_JaffaCakes118
Size: 3.8MB
Sample: 240719-z54vtatgjb
MD5: 5db4cf73b0d9ae96ae84b11d328bd72d
SHA1: fc519971bcf55a7b39ecff73aafaa048c81cbc4a
SHA256: 54482bb6491ac66552a0756efee503ca56c165c957bea15703719058dc057b3d
SHA512: ee7df60a2747d0180ce60ca43e8d9394eb4922c10f328e5410229a8928e813ed6116b25ea473c659e95e58c1271b078d689caae5471cce7680d1e351acd1d51a
SSDEEP: 98304:7HM/18G8jtzKtLiZ4QNh56thk7RrvBkDy7M0szFJ:7s/1TQzKK4QB6U7lvBkWwZ
Static task: static1
Behavioral task: behavioral1
Sample: 5db4cf73b0d9ae96ae84b11d328bd72d_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 5db4cf73b0d9ae96ae84b11d328bd72d_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Malware Config
Targets
Target: 5db4cf73b0d9ae96ae84b11d328bd72d_JaffaCakes118
Glupteba payload
Modifies Windows Firewall
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)