General
-
Target
84c36a70a98533921cacd836ef30ebfe_JaffaCakes118
-
Size
1.7MB
-
Sample
240810-ets9qazamf
-
MD5
84c36a70a98533921cacd836ef30ebfe
-
SHA1
d3ba7c4e8c1e8c1d577b938dba3cd3f119ef46be
-
SHA256
32a5c218542909452e8899b603b2973717c6a5b8c414a0d6549b7fc1cae8d05d
-
SHA512
6701efca6cc85b3d43ffe07fbcaeff9b6871b923f6e78502f0c0c8478d64b8023128f08af4877273de01760895b7f1f5152f07ab24b68fc3d3508398f1eedbc1
-
SSDEEP
49152:4GnEGnEGnEGnEGnEGnEGnEGnEGnEGnEGnEGnEGnz:THHHHHHHHHHHHz
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
84c36a70a98533921cacd836ef30ebfe_JaffaCakes118
-
Size
1.7MB
-
MD5
84c36a70a98533921cacd836ef30ebfe
-
SHA1
d3ba7c4e8c1e8c1d577b938dba3cd3f119ef46be
-
SHA256
32a5c218542909452e8899b603b2973717c6a5b8c414a0d6549b7fc1cae8d05d
-
SHA512
6701efca6cc85b3d43ffe07fbcaeff9b6871b923f6e78502f0c0c8478d64b8023128f08af4877273de01760895b7f1f5152f07ab24b68fc3d3508398f1eedbc1
-
SSDEEP
49152:4GnEGnEGnEGnEGnEGnEGnEGnEGnEGnEGnEGnEGnz:THHHHHHHHHHHHz
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Modifies firewall policy service
-
Windows security bypass
-
Modifies Windows Firewall
-
Deletes itself
-
Executes dropped EXE
-
Windows security modification
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
4Disable or Modify System Firewall
2Disable or Modify Tools
2Modify Registry
3