General
-
Target
dea54cce1eba09ac2442858e728d479b_JaffaCakes118
-
Size
6.9MB
-
Sample
240913-wxg5as1hmf
-
MD5
dea54cce1eba09ac2442858e728d479b
-
SHA1
013528d0fe3351c20f11dc8666b400a9d6448da5
-
SHA256
a2f40cc2c691a7e002a8045cfbaa627db8c7cfd23cb72cff62137bc3c44cc50f
-
SHA512
12800068ed09eec8b926476397d1db3c21e49263d0bac7b97d93bff7ea73e51a5275156f482cf28c3801e16bc13ff9353c149d723b77222fa1a73b7b9c3a8ca1
-
SSDEEP
98304:8OjMTGQPjawIiacd789YK3vBtpPA/Ibt1YcyDRqG:8OATGUArOK3v/p9N2qG
Behavioral task
behavioral1
Sample
dea54cce1eba09ac2442858e728d479b_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
dea54cce1eba09ac2442858e728d479b_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
dea54cce1eba09ac2442858e728d479b_JaffaCakes118
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1
Defense Evasion
Impair Defenses: 3
Disable or Modify System Firewall: 1
Disable or Modify Tools: 2
Modify Registry: 4
Subvert Trust Controls: 1
Install Root Certificate: 1