General

  • Target

    JaffaCakes118_7e9e4e4cca527508e8ba3e1e8a59e0e7a39d6804e677c57652e1b44f1eead9f1

  • Size

    4.2MB

  • Sample

    241226-254wxstrgv

  • MD5

    b6ce1e0ef0287c02dc19b4e043921214

  • SHA1

    f21b74d9fc0947e9d2044e166b02e3f03bcaba5e

  • SHA256

    7e9e4e4cca527508e8ba3e1e8a59e0e7a39d6804e677c57652e1b44f1eead9f1

  • SHA512

    af5d3301968dbeb1d9b58f4a78ecb2504081f905656cbc19e2831c43e90c28e831eac1f485143ff82a649f95ddcd08401faa629e143f6cdb0c4ef8af379a0c54

  • SSDEEP

    98304:jHWXNdMGWC294mpBzirq73fZh483RqlCQ+NBj0X04ib/J4:KX/d29veqbI83clQX4ia

Malware Config

Extracted

Family

metasploit

Version

windows/single_exec

Targets

    • Target

      JaffaCakes118_7e9e4e4cca527508e8ba3e1e8a59e0e7a39d6804e677c57652e1b44f1eead9f1

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba family

    • Glupteba payload

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Windows security bypass

    • Modifies boot configuration data using bcdedit

    • Drops file in Drivers directory

    • Modifies Windows Firewall

    • Possible attempt to disable PatchGuard

      Rootkits can use kernel patching to embed themselves in an operating system.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Manipulates WinMon driver.

      Rootkits write to WinMon to hide PIDs from being detected.

    • Manipulates WinMonFS driver.

      Rootkits write to WinMonFS to hide directories/files from being detected.

MITRE ATT&CK Enterprise v15

Tasks
