General

  • Target

    JaffaCakes118_774d14ffbe6e0aff82a198720d7f15ca99901248da6bf5a49a99796699051138

  • Size

    4.4MB

  • Sample

    241222-mft8vsvlfk

  • MD5

    7afbfb5f71a9c4dbe66d06e66ae277de

  • SHA1

    e0aeeebddb5d96fa5c551977b0277697861576af

  • SHA256

    774d14ffbe6e0aff82a198720d7f15ca99901248da6bf5a49a99796699051138

  • SHA512

    02ba09525f08421705581afb06788f4b9858081f8433c886f1744fe643376a09779d8c04e181cdcd455634a0542175f9ca3406f7d271376b93bfd3159da2eb03

  • SSDEEP

    98304:jGebZXmdZjqIFXa4okO31wvC27vAOCBnn4drh/TtTEXHl:KeJmLGIR9yKTrmBn4drhOV

Malware Config

Extracted

Family

metasploit

Version

windows/single_exec

Targets

    • Target

      JaffaCakes118_774d14ffbe6e0aff82a198720d7f15ca99901248da6bf5a49a99796699051138

    • Size

      4.4MB

    • MD5

      7afbfb5f71a9c4dbe66d06e66ae277de

    • SHA1

      e0aeeebddb5d96fa5c551977b0277697861576af

    • SHA256

      774d14ffbe6e0aff82a198720d7f15ca99901248da6bf5a49a99796699051138

    • SHA512

      02ba09525f08421705581afb06788f4b9858081f8433c886f1744fe643376a09779d8c04e181cdcd455634a0542175f9ca3406f7d271376b93bfd3159da2eb03

    • SSDEEP

      98304:jGebZXmdZjqIFXa4okO31wvC27vAOCBnn4drh/TtTEXHl:KeJmLGIR9yKTrmBn4drhOV

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba family

    • Glupteba payload

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Windows security bypass

    • Modifies boot configuration data using bcdedit

    • Drops file in Drivers directory

    • Modifies Windows Firewall

    • Possible attempt to disable PatchGuard

      Rootkits can use kernel patching to embed themselves in an operating system.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMon driver.

      Roottkits write to WinMon to hide PIDs from being detected.

    • Manipulates WinMonFS driver.

      Roottkits write to WinMonFS to hide directories/files from being detected.

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.