General
-
Target
JaffaCakes118_ef2a760770d865130ff88f0dd21bf060fc0c009212cf12ca6ee8cfcb68c1705e
-
Size
4.4MB
-
Sample
241224-s4fcha1jdv
-
MD5
dc8f17f809d5854db455cf56a1a5e133
-
SHA1
2306c6234f3491c4b6ac1510711c7069149d5ea0
-
SHA256
ef2a760770d865130ff88f0dd21bf060fc0c009212cf12ca6ee8cfcb68c1705e
-
SHA512
c1820df5f4ba2c31f833d34d74cf65ca02b9ad5430f888e3e229087e173969055a9bddc7198ca4a3dd4215473e893fb6195814908d2450d1ee610ab6e316e63b
-
SSDEEP
98304:aoKMe6V8Z529vh0JZQK6GozeiGw5zCovIcVOWJMcjd+M+2QZoy8EH+Hzko244V1Y:7V2sMJCzZjkWJMid+f2Coy8y+Tko2pDY
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_ef2a760770d865130ff88f0dd21bf060fc0c009212cf12ca6ee8cfcb68c1705e.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_ef2a760770d865130ff88f0dd21bf060fc0c009212cf12ca6ee8cfcb68c1705e.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
metasploit
windows/single_exec
Targets
-
-
Target
JaffaCakes118_ef2a760770d865130ff88f0dd21bf060fc0c009212cf12ca6ee8cfcb68c1705e
-
Size
4.4MB
-
MD5
dc8f17f809d5854db455cf56a1a5e133
-
SHA1
2306c6234f3491c4b6ac1510711c7069149d5ea0
-
SHA256
ef2a760770d865130ff88f0dd21bf060fc0c009212cf12ca6ee8cfcb68c1705e
-
SHA512
c1820df5f4ba2c31f833d34d74cf65ca02b9ad5430f888e3e229087e173969055a9bddc7198ca4a3dd4215473e893fb6195814908d2450d1ee610ab6e316e63b
-
SSDEEP
98304:aoKMe6V8Z529vh0JZQK6GozeiGw5zCovIcVOWJMcjd+M+2QZoy8EH+Hzko244V1Y:7V2sMJCzZjkWJMid+f2Coy8y+Tko2pDY
-
Glupteba family
-
Glupteba payload
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Modifies boot configuration data using bcdedit
-
Drops file in Drivers directory
-
Modifies Windows Firewall
-
Possible attempt to disable PatchGuard
Rootkits can use kernel patching to embed themselves in an operating system.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
2Modify Registry
4Subvert Trust Controls
1Install Root Certificate
1