General
Target: e6c9ec0cf5a24665dc259352ca67face_JaffaCakes118
Size: 2.9MB
Sample: 240917-pbc5wssard
MD5: e6c9ec0cf5a24665dc259352ca67face
SHA1: c6a1fc7f0c46782999fd356c60d6e66889918c57
SHA256: ba6ebb75ddaf850392f61dd6d4e878a7283a43f996ec2677777e3b2fbf9e1e9d
SHA512: a9af0a5af15db59542160ac74a57213bae309445d7ea2f04cafc61b1d4d68f83de1f6be664aaa65c6d3bebdaa0699389f281f1c2670eb17e88ef71645853693f
SSDEEP: 49152:X65xtuYXTLtFyhVkCkctkTotsE2jgnL4f/DBrGFbKocfTbn7PSUC6m1voZf41pP8:Xs2qUtsE2jdXDB0bKocfOBNARsZYl

Static task: static1

Behavioral task: behavioral1
  Sample: e6c9ec0cf5a24665dc259352ca67face_JaffaCakes118.exe
  Resource: win7-20240903-en

Behavioral task: behavioral2
  Sample: e6c9ec0cf5a24665dc259352ca67face_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)

Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)

Defense Evasion
  Impair Defenses (3)
    Disable or Modify System Firewall (1)
    Disable or Modify Tools (2)
  Modify Registry (4)
  Subvert Trust Controls (1)
    Install Root Certificate (1)