General

  • Target

    JaffaCakes118_82baf1bc4e36ad69e77e94e4348b7911c60fcf1edc60d15ea363a68cecfbc4b1

  • Size

    5.0MB

  • Sample

    241229-bnqpvsxqhn

  • MD5

    f39e22c1590feb88a6fb38ef5647c953

  • SHA1

    91b3058a1b876fa671683ed744fae76c4d6a82ac

  • SHA256

    82baf1bc4e36ad69e77e94e4348b7911c60fcf1edc60d15ea363a68cecfbc4b1

  • SHA512

    e41956896fcf9978d6ab6caaf4186b6f7624980ced9eecc37b4038457ca407cf98e4f7500f8cccec16d8d24ddd8db805423d6f48eb3a32e2fdfb48aba3a51ed8

  • SSDEEP

    98304:DRfOpin2GQh2SN+G9DwBjkBLBaCwQu1oBH6xvTOe1wzlqOg7kdbrrenI/B:DopAo2U+G9Dw9WLBVwQu9lbtkNuIJ

Malware Config

Extracted

  • Family

    metasploit

  • Version

    windows/single_exec

Targets

    • Target

      Passcovery Suite 20.12 Build 3940.exe

    • Size

      744KB

    • MD5

      2e2a98af82534677ce6b57a343de7da9

    • SHA1

      3296928baf60b7426d23a172110504cb70288509

    • SHA256

      eae0e051032b89e30bf22954edbb30ec98144b250af7124cc9eba8c189328e31

    • SHA512

      436edfbf63ec60990fc6612d5f5ff2c8b13c891e112d7b683d6fbb4acb1f3d2b7b163559bf5726d3f4435c78c33d2131bb6a1f3a72ec98db892d65f1a21da3cb

    • SSDEEP

      12288:uaHc64b888888888888W88888888888yjscV7TdjL47zdU5im0gRv33rD+zG/oB4:F86LIW7uvmQz0fezG/aYFkJR30F6rp81

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      passcovery-suite-30-build-3262-PLND-APUzFGGV9gQAfUQCAFJVGQAfAJL5CWsA.exe

    • Size

      4.4MB

    • MD5

      ea755ee9027cd8234daf0324f6441e60

    • SHA1

      f8e55c27133c8e72b38a9d14c91d76e1a5a67eeb

    • SHA256

      6c63fb9f8a9d48e5a5235e3bcfe78edaa6d5624f67b602a5cf64a4ab2807e9d1

    • SHA512

      0bf5ac35a287bc6036f59ff875e46357967148b6eb6fb5407fc0010bae1cbce80efe5f928c9dc02c81f50d07454f668d1fd0737ca135b582217d3e27cab5ef3b

    • SSDEEP

      98304:WgpzrEBzsZRLkdkFAimgJDLU3HhhqfTOoPApxPQ1tTqWm:fxrEeLkdkWhgJHUWTOFxPY

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba family

    • Glupteba payload

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

MITRE ATT&CK Enterprise v15

Tasks