Extracted

• • Target

    7acea744aed66cba6a73ebb81052af38_JaffaCakes118

  • Size

    4.4MB

  • MD5

    7acea744aed66cba6a73ebb81052af38

  • SHA1

    5ba93e4201f8b05de6f333c253fc10bbfd147d56

  • SHA256

    30471f6f937611ff3868013eccd4b8fd33150e7bd0c25e49bc1ae53c2f3ad78a

  • SHA512

    2f9a53c20835d66b89ec793685e046246c7d3fc20275d6d18b4a0a176e2c63b3f3f094490298bc20d0c357eb2cb25ee60120e9f9083584a11ba0b47b5373e691

  • SSDEEP

    98304:ngiA9a74YOMaUPO34Bg8IDOf5lqxqaKQ3bgq:ngvQ4QaDoBgQaKGgq

  Score

  10^/10

  gluptebametasploitbackdoordiscoverydropperevasionloaderpersistenceprivilege_escalationrootkittrojan

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba

  • Glupteba family

    glupteba

  • Glupteba payload

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Windows security bypass

    evasiontrojan

  • Modifies Windows Firewall

    evasion

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Manipulates WinMonFS driver.

    Roottkits write to WinMonFS to hide directories/files from being detected.

    rootkitevasion

  • Modifies boot configuration data using bcdedit

  behavioral1behavioral2