General
-
Target
bb96ca6e41d5ef37ed2facf44afb028f_JaffaCakes118
-
Size
532KB
-
Sample
241203-eckw1svjaq
-
MD5
bb96ca6e41d5ef37ed2facf44afb028f
-
SHA1
470c65398f828f659e354ee20461fc2500c02bdf
-
SHA256
cdd5df5f8b28a2d1273595763b0dd1e0a99bb672dee27023cf6b3505aad6d585
-
SHA512
697e41437b36ba4cffd1cbd2d2206cc95ecd182077f01a14c7bc580e54c1c6fc17704b01827201a56ad223f3d80b2574964475d1692c0ffe5909c39f76f1353e
-
SSDEEP
6144:ALBKFDwYhPgmbHCsbffZsUNfLwTEM2cTaOZZESC5DUANspeDoUNcTIT:AAFDLbi4fhNDwYPcNJChUqspeDoa
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
bb96ca6e41d5ef37ed2facf44afb028f_JaffaCakes118
-
Size
532KB
-
MD5
bb96ca6e41d5ef37ed2facf44afb028f
-
SHA1
470c65398f828f659e354ee20461fc2500c02bdf
-
SHA256
cdd5df5f8b28a2d1273595763b0dd1e0a99bb672dee27023cf6b3505aad6d585
-
SHA512
697e41437b36ba4cffd1cbd2d2206cc95ecd182077f01a14c7bc580e54c1c6fc17704b01827201a56ad223f3d80b2574964475d1692c0ffe5909c39f76f1353e
-
SSDEEP
6144:ALBKFDwYhPgmbHCsbffZsUNfLwTEM2cTaOZZESC5DUANspeDoUNcTIT:AAFDLbi4fhNDwYPcNJChUqspeDoa
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Modifies WinLogon for persistence
-
Modifies security service
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Drops file in Drivers directory
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1