General
Target: ff7fca4fc0f549d41eda37e3654ac201_JaffaCakes118
Size: 4.5MB
Sample: 240421-rwwh3sdd26
MD5: ff7fca4fc0f549d41eda37e3654ac201
SHA1: 93ec5d58617a0da40cf73632da5881fe47ee308b
SHA256: a0b5a4ccc8b929703d7943ce5375d5e7ddb055bb3341de337d6a0ecec95c26cd
SHA512: e5e83ec60ef8be8c60646eeb3ac105e7cccba4e82422151e7ae8dc041cfca5448ea26e8f0c93166bb6d33bc280602dfac3dcfe4126718b9fc45278740f54e36c
SSDEEP: 98304:6EtIRL6Rg2iD71iWturBNDErHKM8R53QjI/uB005Wh+EUN:6EtCLjp1turBNDE2M8zJe9M+BN
Static task: static1
Behavioral task: behavioral1
  Sample: ff7fca4fc0f549d41eda37e3654ac201_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: ff7fca4fc0f549d41eda37e3654ac201_JaffaCakes118.exe
  Resource: win10v2004-20240412-en
Malware Config
Extracted: metasploit (windows/single_exec)
Targets
Target: ff7fca4fc0f549d41eda37e3654ac201_JaffaCakes118
- Glupteba payload
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Modifies Windows Firewall
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)