General
- Target: fc40d07e6890e2c380dc1dc4c8e1c394_JaffaCakes118
- Size: 4.4MB
- Sample: 240420-je527acd2z
- MD5: fc40d07e6890e2c380dc1dc4c8e1c394
- SHA1: 45fbd03ed8d7a67f2fac3d595676eb9e179f8c22
- SHA256: 2773a3124185998bc50dc642de4d98e81e4708eb9ce71c878b5009f91c255e90
- SHA512: c75e4b3c472b822dc5be74293fa4e667d75ec23d83ebb39dc9d67f31f264ae2f8d9ce773fd304e0b3ac3fd35d65aded322c293e98d03ba01664bcdad68aafc9d
- SSDEEP: 98304:pQ4dKhSnSex8syTyeA0+ZyQqlevfIU3xzhM11v9:LdNOs0prQqUvbxzO1v9
Static task
- static1

Behavioral task
- behavioral1
  - Sample: fc40d07e6890e2c380dc1dc4c8e1c394_JaffaCakes118.exe
  - Resource: win7-20240220-en

Behavioral task
- behavioral2
  - Sample: fc40d07e6890e2c380dc1dc4c8e1c394_JaffaCakes118.exe
  - Resource: win10v2004-20240226-en
Malware Config
- Extracted: metasploit
  - Payload: windows/single_exec
Targets
- Target: fc40d07e6890e2c380dc1dc4c8e1c394_JaffaCakes118
- Size: 4.4MB
- MD5: fc40d07e6890e2c380dc1dc4c8e1c394
- SHA1: 45fbd03ed8d7a67f2fac3d595676eb9e179f8c22
- SHA256: 2773a3124185998bc50dc642de4d98e81e4708eb9ce71c878b5009f91c255e90
- SHA512: c75e4b3c472b822dc5be74293fa4e667d75ec23d83ebb39dc9d67f31f264ae2f8d9ce773fd304e0b3ac3fd35d65aded322c293e98d03ba01664bcdad68aafc9d
- SSDEEP: 98304:pQ4dKhSnSex8syTyeA0+ZyQqlevfIU3xzhM11v9:LdNOs0prQqUvbxzO1v9

Signatures
- Glupteba payload
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Modifies Windows Firewall
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
MITRE ATT&CK Matrix (ATT&CK v13)
- Persistence
  - Create or Modify System Process (1)
    - Windows Service (1)
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
  - Scheduled Task/Job (1)
- Privilege Escalation
  - Create or Modify System Process (1)
    - Windows Service (1)
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
  - Scheduled Task/Job (1)