Extracted

• • Target

    JaffaCakes118_dfe51f4fc71eafc8f83745a247574138c19407ec9657d1e1ce559f489dc1d61e

  • Size

    4.4MB

  • MD5

    d66670c626771779a2e3e5ed2b2c01e6

  • SHA1

    c6f89ced35185c4e49283a3b3f87210400c065ce

  • SHA256

    dfe51f4fc71eafc8f83745a247574138c19407ec9657d1e1ce559f489dc1d61e

  • SHA512

    274093705b530a20d2a57f02673ce91314457049a83955d33a4cad924127b463325d527c29302554440251b83272e44251d7cc0deaf7f0ed8c4f1d54c55fb462

  • SSDEEP

    98304:MU0WGBD5VzCQp42nkQM7Z4fhDmol5re5U:PdMDCQVk32Nvv

  Score

  10^/10

  gluptebametasploitbackdoordiscoverydropperevasionloaderpersistenceprivilege_escalationrootkittrojan

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba

  • Glupteba family

    glupteba

  • Glupteba payload

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Windows security bypass

    evasiontrojan

  • Modifies boot configuration data using bcdedit

  • Drops file in Drivers directory

  • Modifies Windows Firewall

    evasion

  • Possible attempt to disable PatchGuard

    Rootkits can use kernel patching to embed themselves in an operating system.

    evasion

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Manipulates WinMon driver.

    Roottkits write to WinMon to hide PIDs from being detected.

    rootkitevasion

  • Manipulates WinMonFS driver.

    Roottkits write to WinMonFS to hide directories/files from being detected.

    rootkitevasion
  behavioral1behavioral2