General
Target: f7f1657c681eb2a991df0162fa136085_JaffaCakes118
Size: 4.4MB
Sample: 240418-n4ptqadf8y
MD5: f7f1657c681eb2a991df0162fa136085
SHA1: d94e563c0fc8715a0b0c60932d04ce051ab32cc4
SHA256: 9b2f3159d474b368aa9a676d5ba6a010c6971166000356dd0374a2df41100570
SHA512: 83dd362be0910e1260691588fe4f7d17231b44b67b37f17560986ed4e1991d32a339d31d38bdfe30ebf20ee583a8f1463a6a73536ea1340c383b26b5ef7af86b
SSDEEP: 98304:Lg3aFLu687Bg/hl/Qcl3sCGCPWbi8+/7NkKpFWBsj:3lul7Bg5l/QerPEA/RkUWw
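Before relying on this report, confirm that the file in hand is the one it describes. The following is an added example, not part of the sandbox report: it recomputes the four cryptographic digests listed above with Get-FileHash and compares them to the report's values. The sample path is a placeholder. SSDEEP is not covered because Get-FileHash does not implement it (use the ssdeep tool for that). Treat a SHA256 or SHA512 match as the real confirmation; MD5 and SHA1 are listed for lookup convenience only, since both are collision-prone.

```powershell
# Added example (not part of the sandbox report): verify a local copy of the
# sample against the digests published in the report before analysing it.
# Hash values are copied from the report; the file path is a placeholder.
$Expected = [ordered]@{
    MD5    = 'f7f1657c681eb2a991df0162fa136085'
    SHA1   = 'd94e563c0fc8715a0b0c60932d04ce051ab32cc4'
    SHA256 = '9b2f3159d474b368aa9a676d5ba6a010c6971166000356dd0374a2df41100570'
    SHA512 = '83dd362be0910e1260691588fe4f7d17231b44b67b37f17560986ed4e1991d32a339d31d38bdfe30ebf20ee583a8f1463a6a73536ea1340c383b26b5ef7af86b'
}

function Test-SampleHashes {
    param([Parameter(Mandatory)][string]$Path)

    $results = foreach ($algo in $Expected.Keys) {
        # Get-FileHash returns upper-case hex, so compare case-insensitively.
        $actual = (Get-FileHash -Path $Path -Algorithm $algo).Hash
        [pscustomobject]@{
            Algorithm = $algo
            Match     = ($actual -ieq $Expected[$algo])
            Actual    = $actual.ToLower()
        }
    }
    $results

    # Only the collision-resistant digests decide the outcome; MD5/SHA1 are informational.
    $strong = $results | Where-Object { $_.Algorithm -in 'SHA256', 'SHA512' }
    if ($strong.Match -contains $false) {
        Write-Warning "$Path is not the file this report describes; do not apply its verdict to it."
    }
}

# Usage (the path is hypothetical):
Test-SampleHashes -Path 'C:\samples\f7f1657c681eb2a991df0162fa136085_JaffaCakes118.exe' | Format-Table -AutoSize
```

The size field in the report (4.4MB) is rounded, so it is not compared; a digest match already implies an exact size match.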
Static task: static1
Behavioral task: behavioral1
  Sample: f7f1657c681eb2a991df0162fa136085_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: f7f1657c681eb2a991df0162fa136085_JaffaCakes118.exe
  Resource: win10v2004-20240412-en
Malware Config
Extracted: metasploit (windows/single_exec)
Targets
Target: f7f1657c681eb2a991df0162fa136085_JaffaCakes118 (4.4MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
- Glupteba payload
- MetaSploit: detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Modifies Windows Firewall
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
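The Run-key, firewall and Uninstall-key signatures above describe generic behaviours, and the report does not publish the value names, rule names or paths the sample actually used, so the host-side checks below (an added example, not part of the report or of the sample) inspect the standard locations rather than look for sample-specific indicators. The registry paths are standard Windows locations; the "user-writable directory" heuristics are assumptions about where a dropped EXE typically lands and will need tuning. The Get-NetFirewall* cmdlets require Windows 8 / Server 2012 or later; on the Windows 7 image used for behavioral1, use `netsh advfirewall firewall show rule name=all` instead. Run in an elevated PowerShell on the host you suspect.

```powershell
# Added example (not from the report or the sample): host-side checks for the
# behaviours the sandbox flagged. Paths are standard Windows locations; the
# suspicious-directory regexes are assumptions, not indicators from this sample.

# 1. "Adds Run key to start application": list every Run/RunOnce value and flag
#    commands that do not live under Program Files or Windows (typical for a
#    dropped EXE). Entries using %windir%-style variables will also be flagged.
function Get-RunKeyEntries {
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($p in $item.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, ...
            $cmd = [string]$p.Value
            [pscustomobject]@{
                Key        = $key
                Name       = $p.Name
                Command    = $cmd
                Suspicious = ($cmd -notmatch '(?i)\\(Program Files( \(x86\))?|Windows)\\')
            }
        }
    }
}

# 2. "Modifies Windows Firewall": enabled inbound allow rules whose program sits
#    in a user-writable directory. Profile state is checked separately below,
#    because payloads sometimes simply disable the firewall instead of adding rules.
function Get-SuspiciousFirewallRules {
    Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
        ForEach-Object {
            $app = $_ | Get-NetFirewallApplicationFilter
            if ($app.Program -match '(?i)\\(Users|ProgramData|Temp)\\') {
                [pscustomobject]@{ Rule = $_.DisplayName; Program = $app.Program }
            }
        }
}

# 3. "Checks installed software on the system": the same Uninstall-key walk the
#    sample performs, so you can see what it learns (AV/EDR products, versions).
function Get-UninstallEntries {
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallLocation
}

Get-RunKeyEntries | Where-Object Suspicious | Format-Table -AutoSize
Get-SuspiciousFirewallRules | Format-Table -AutoSize
Get-NetFirewallProfile | Select-Object Name, Enabled | Format-Table -AutoSize
Get-UninstallEntries | Sort-Object DisplayName | Format-Table -AutoSize
```

Sysmon does not log registry reads, so the Uninstall-key enumeration itself leaves no Sysmon event; it is included so an analyst can see what the sample collects, whereas the Run-key write does produce Sysmon Event ID 13 (RegistryEvent, value set) and is the better detection hook.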
MITRE ATT&CK Enterprise v15 (the number in parentheses is the report's count for that technique)
Persistence
  Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1): Windows Service (1)
  Scheduled Task/Job (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1): Windows Service (1)
  Scheduled Task/Job (1)