General
-
Target
JaffaCakes118_54f0a4bcdae11eb7f22560b278e4b63a2f8bd6556a52fa45ac9b3c7462e8826d
-
Size
4.3MB
-
Sample
241229-blr5xaxqcr
-
MD5
c317716f38b4110059e6861c22b751e4
-
SHA1
603f8a836fb542c114fed25d6d32281663f4ebf8
-
SHA256
54f0a4bcdae11eb7f22560b278e4b63a2f8bd6556a52fa45ac9b3c7462e8826d
-
SHA512
dfd643f61fd8977fba89304ba344c118ef3e1288bbd471d831e05a2e3e1396bc813da08b5873931bd6277f184955a3f17ecb19ac2e94a5a5150fbe6b4bba3fb9
-
SSDEEP
98304:75smRrI8l31tXy5Bl5tdmDp0DVsjKkOenvtvoJ:7Jasyp5OeD2jTDv6J
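Before relying on any of the behaviour below, confirm that the file in hand is the same binary this report describes. The following is an added example, not part of the report: it recomputes the four digests listed above with the built-in Get-FileHash and flags any mismatch (a repacked or tampered copy will differ on every algorithm). The file name in the usage line is the sample name the report gives; adjust the path to where your copy sits.

```powershell
# Added example (not part of the sandbox report): verify a local file against the
# digests the report lists. Get-FileHash is standard PowerShell; MD5/SHA1/SHA256/SHA512
# are all supported -Algorithm values on PowerShell 5.1 and later.

$Expected = @{
    MD5    = 'c317716f38b4110059e6861c22b751e4'
    SHA1   = '603f8a836fb542c114fed25d6d32281663f4ebf8'
    SHA256 = '54f0a4bcdae11eb7f22560b278e4b63a2f8bd6556a52fa45ac9b3c7462e8826d'
    SHA512 = 'dfd643f61fd8977fba89304ba344c118ef3e1288bbd471d831e05a2e3e1396bc813da08b5873931bd6277f184955a3f17ecb19ac2e94a5a5150fbe6b4bba3fb9'
}

function Test-SampleIdentity {
    param(
        [Parameter(Mandatory)][string]$Path,
        [hashtable]$Digests = $Expected
    )
    # One row per algorithm; Match is $false on the first byte that differs.
    $results = foreach ($alg in ($Digests.Keys | Sort-Object)) {
        $actual = (Get-FileHash -LiteralPath $Path -Algorithm $alg).Hash.ToLowerInvariant()
        [pscustomobject]@{
            Algorithm = $alg
            Match     = ($actual -eq $Digests[$alg].ToLowerInvariant())
            Actual    = $actual
        }
    }
    $results
    if ($results.Match -contains $false) {
        Write-Warning "$Path does not match the sample described in this report."
    }
}

# Usage (path is an assumption; the name is the report's sample name):
Test-SampleIdentity -Path '.\JaffaCakes118_54f0a4bcdae11eb7f22560b278e4b63a2f8bd6556a52fa45ac9b3c7462e8826d.exe'
```

Checking all four rather than SHA256 alone costs nothing and catches a copy-paste error in any single hash; the SSDEEP value cannot be checked with built-in tooling and is left out.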
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_54f0a4bcdae11eb7f22560b278e4b63a2f8bd6556a52fa45ac9b3c7462e8826d.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
JaffaCakes118_54f0a4bcdae11eb7f22560b278e4b63a2f8bd6556a52fa45ac9b3c7462e8826d.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
metasploit
windows/single_exec
Targets
-
Target
JaffaCakes118_54f0a4bcdae11eb7f22560b278e4b63a2f8bd6556a52fa45ac9b3c7462e8826d
-
Glupteba family
-
Glupteba payload
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Numbers in parentheses are the counts shown in the report.
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)
Defense Evasion
- Impair Defenses (3)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (2)
- Modify Registry (4)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)
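The ATT&CK mapping names five host locations worth sweeping on a machine suspected of having run this sample: the Run keys, service binaries, the netsh helper DLL registration, firewall profile and rule state, and the registry-backed root certificate stores. The script below is an added example, not part of the report or of any vendor tool. Registry paths and cmdlets are standard Windows; because the report gives no concrete value names, DLLs, rules or certificates, the Suspicious column is a generic heuristic for a human to review, not an IOC match.

```powershell
# Added example (not from the sandbox report): host-side triage over the
# locations behind the report's ATT&CK mapping. Run in an elevated
# PowerShell 5.1+ session on the suspect host. All 'Suspicious' flags are
# heuristics (user-writable launch paths, non-System32 helper DLLs, and so on).

function New-Finding($Finding, $Location, $Name, $Data, [bool]$Suspicious) {
    [pscustomobject]@{ Finding = $Finding; Location = $Location; Name = $Name
                       Data = $Data; Suspicious = $Suspicious }
}

function Get-RunKeyEntries {
    # T1547.001: every value under the HKLM/HKCU Run and RunOnce keys.
    $paths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
             'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($p in $paths) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $key = Get-Item -LiteralPath $p
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            # Launch paths under user-writable directories are the usual malware pattern.
            New-Finding 'Run key' $p $name $data ($data -match '(?i)\\(AppData|Temp|ProgramData|Public|Downloads)\\')
        }
    }
}

function Get-ServiceBinaries {
    # T1543.003: services whose image lives outside %SystemRoot%.
    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        if (-not $svc.PathName) { continue }
        $outside = $svc.PathName -notmatch '(?i)^"?[a-z]:\\windows\\'
        New-Finding 'Service' "StartMode=$($svc.StartMode)" $svc.Name $svc.PathName $outside
    }
}

function Get-NetshHelperDlls {
    # T1546.007: netsh.exe loads every DLL listed here each time it starts;
    # the built-in helpers are bare file names that resolve into System32.
    $p = 'HKLM:\SOFTWARE\Microsoft\NetSh'
    if (-not (Test-Path -LiteralPath $p)) { return }
    $key = Get-Item -LiteralPath $p
    $sys32 = Join-Path $env:SystemRoot 'System32'
    foreach ($name in $key.GetValueNames()) {
        $dll = [string]$key.GetValue($name)
        $rooted = [System.IO.Path]::IsPathRooted($dll)
        $inSys32 = (-not $rooted) -and (Test-Path -LiteralPath (Join-Path $sys32 $dll))
        New-Finding 'Netsh helper DLL' $p $name $dll (-not $inSys32)
    }
}

function Get-FirewallState {
    # T1562.004: disabled profiles, plus enabled Allow rules that carry no Group
    # (rules added with netsh or New-NetFirewallRule normally have none).
    foreach ($prof in Get-NetFirewallProfile) {
        $on = "$($prof.Enabled)" -eq 'True'
        New-Finding 'Firewall profile' $prof.Name 'Enabled' $prof.Enabled (-not $on)
    }
    foreach ($rule in Get-NetFirewallRule -Enabled True -Action Allow) {
        if ($rule.Group) { continue }
        $app = (Get-NetFirewallApplicationFilter -AssociatedNetFirewallRule $rule).Program
        New-Finding 'Firewall rule' "$($rule.Direction)" $rule.DisplayName $app $true
    }
}

function Get-RegistryRootCerts {
    # T1553.004: root certificates in the registry-backed stores. The HKCU store
    # needs no admin rights and is rarely populated on a clean profile, so
    # anything there is flagged; review the HKLM and policy stores by hand.
    $subjects = @{}
    Get-ChildItem -Path Cert:\LocalMachine\Root, Cert:\CurrentUser\Root |
        ForEach-Object { $subjects[$_.Thumbprint] = $_.Subject }
    $stores = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates',
              'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates',
              'HKCU:\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates'
    foreach ($s in $stores) {
        if (-not (Test-Path -LiteralPath $s)) { continue }
        foreach ($k in Get-ChildItem -LiteralPath $s) {
            $thumb = $k.PSChildName
            New-Finding 'Root certificate' $s $thumb $subjects[$thumb] ($s -like 'HKCU:*')
        }
    }
}

function Invoke-PersistenceTriage {
    Get-RunKeyEntries; Get-ServiceBinaries; Get-NetshHelperDlls
    Get-FirewallState; Get-RegistryRootCerts
}

# Usage: flagged rows first; or keep only the flagged rows for a ticket.
Invoke-PersistenceTriage | Sort-Object Suspicious -Descending | Format-Table -AutoSize -Wrap
# Invoke-PersistenceTriage | Where-Object Suspicious | Export-Csv triage.csv -NoTypeInformation
```

Run the sweep before and after detonation in your own lab, or against a known-clean build of the same image, and diff the two outputs; the mapping above only says which categories of change this sample makes, so a baseline is what turns the list into a finding.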