Extracted

• • Target

    JaffaCakes118_8e77e7c2feda9c83319109a4e485e9d974e344fb105b2329aae21c3bbe394d0a

  • Size

    4.4MB

  • MD5

    30388f1fad131dd6a0fd85a549aff7b0

  • SHA1

    d990197def7b006e8f3c096540b60276215e86b1

  • SHA256

    8e77e7c2feda9c83319109a4e485e9d974e344fb105b2329aae21c3bbe394d0a

  • SHA512

    3f5f0f8c0f6307f650b59b4be7e5ee97e1144760d40363f2715efb5a3ef4eb600b5148820e9d96a602548a13b4d84e0625f6d9e94f838bf792022d1d85cb9fc4

  • SSDEEP

    98304:55IR4k5sITlHARZVDufSU7Gyl3OaoG7zqjRuZCb7lnw:55q4kSI1e7k7Gyl3CYo3XK

  Score

  10^/10

  gluptebametasploitbackdoordiscoverydropperevasionloaderpersistenceprivilege_escalationtrojanrootkit

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba

  • Glupteba family

    glupteba

  • Glupteba payload

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Windows security bypass

    evasiontrojan

  • Modifies Windows Firewall

    evasion

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Manipulates WinMonFS driver.

    Roottkits write to WinMonFS to hide directories/files from being detected.

    rootkitevasion
  behavioral1behavioral2