General
-
Target
f0466f63db57f3a629cb37a54de3e202_JaffaCakes118
-
Size
171KB
-
Sample
241214-xxhaqs1nhw
-
MD5
f0466f63db57f3a629cb37a54de3e202
-
SHA1
d9d5be3efec8964b53c054e65c14e586b6196222
-
SHA256
e0bac03f4bf0f79e71fd185fee80fb310d35c6a73e0c19243d532df1767e9af6
-
SHA512
a7976767d282294c560348ea4d3be81b5d1025ee7b3c5b1740a2dfe2f01c4a07747fa8b01d85bbb640be79c813910154e7c85a9b06ed66df31926e6299f07b96
-
SSDEEP
3072:SX52abdMtQMSd1w9nRJYlgVxIN9h1PN84mOyWxe7T:q5nb3i9nRJ+gVE/88xen
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
f0466f63db57f3a629cb37a54de3e202_JaffaCakes118
-
Size
171KB
-
MD5
f0466f63db57f3a629cb37a54de3e202
-
SHA1
d9d5be3efec8964b53c054e65c14e586b6196222
-
SHA256
e0bac03f4bf0f79e71fd185fee80fb310d35c6a73e0c19243d532df1767e9af6
-
SHA512
a7976767d282294c560348ea4d3be81b5d1025ee7b3c5b1740a2dfe2f01c4a07747fa8b01d85bbb640be79c813910154e7c85a9b06ed66df31926e6299f07b96
-
SSDEEP
3072:SX52abdMtQMSd1w9nRJYlgVxIN9h1PN84mOyWxe7T:q5nb3i9nRJ+gVE/88xen
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Modifies firewall policy service
-
Windows security bypass
-
Modifies Windows Firewall
-
Deletes itself
-
Executes dropped EXE
-
Windows security modification
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
4Disable or Modify System Firewall
2Disable or Modify Tools
2Modify Registry
3