General

  • Target

    JaffaCakes118_b017fe6735837733fa21b0b90352596034a498c7c2a0beaf526833bfb3993762

  • Size

    4.1MB

  • Sample

    241224-wmax8stjdt

  • MD5

    1239c5d6d1e21efbe698bbfeeba4490b

  • SHA1

    4a8187385f2eb679310eef2d8f796869c8ba72f9

  • SHA256

    b017fe6735837733fa21b0b90352596034a498c7c2a0beaf526833bfb3993762

  • SHA512

    c2154c7f8b43a67e636f63e9dfe04c01662c6c6a64574f50aad28bcbc377daca4e44d88456a9802b6a53e8752d6642581cbd993392b9c4d82ad2b6e69939c3c4

  • SSDEEP

    98304:ByHWXCDith7ILf5QuJDlR4MM16jvPtqHUVB2Kth/VZ7JnqYEPM:YDiLIT5xj5D4Cb/Zo0

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba family

    • Glupteba payload

    • Windows security bypass

    • Modifies boot configuration data using bcdedit

    • Drops file in Drivers directory

    • Modifies Windows Firewall

    • Possible attempt to disable PatchGuard

      Rootkits can use kernel patching to embed themselves in an operating system.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMon driver.

      Rootkits write to WinMon to hide PIDs from being detected.

    • Manipulates WinMonFS driver.

      Rootkits write to WinMonFS to hide directories/files from being detected.

MITRE ATT&CK Enterprise v15

Tasks