General

  • Target

    f7f1657c681eb2a991df0162fa136085_JaffaCakes118

  • Size

    4.4MB

  • Sample

    240418-n4ptqadf8y

  • MD5

    f7f1657c681eb2a991df0162fa136085

  • SHA1

    d94e563c0fc8715a0b0c60932d04ce051ab32cc4

  • SHA256

    9b2f3159d474b368aa9a676d5ba6a010c6971166000356dd0374a2df41100570

  • SHA512

    83dd362be0910e1260691588fe4f7d17231b44b67b37f17560986ed4e1991d32a339d31d38bdfe30ebf20ee583a8f1463a6a73536ea1340c383b26b5ef7af86b

  • SSDEEP

    98304:Lg3aFLu687Bg/hl/Qcl3sCGCPWbi8+/7NkKpFWBsj:3lul7Bg5l/QerPEA/RkUWw

Malware Config

Extracted

Family

metasploit

Version

windows/single_exec

Targets

    • Target

      f7f1657c681eb2a991df0162fa136085_JaffaCakes118

    • Size

      4.4MB

    • MD5

      f7f1657c681eb2a991df0162fa136085

    • SHA1

      d94e563c0fc8715a0b0c60932d04ce051ab32cc4

    • SHA256

      9b2f3159d474b368aa9a676d5ba6a010c6971166000356dd0374a2df41100570

    • SHA512

      83dd362be0910e1260691588fe4f7d17231b44b67b37f17560986ed4e1991d32a339d31d38bdfe30ebf20ee583a8f1463a6a73536ea1340c383b26b5ef7af86b

    • SSDEEP

      98304:Lg3aFLu687Bg/hl/Qcl3sCGCPWbi8+/7NkKpFWBsj:3lul7Bg5l/QerPEA/RkUWw

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Windows security bypass

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

MITRE ATT&CK Enterprise v15

Tasks