General
Target: JaffaCakes118_8aa0896372c84465ec2c153ae0e52cea
Size: 189KB
Sample: 250328-npe1zaxkz9
MD5: 8aa0896372c84465ec2c153ae0e52cea
SHA1: 02e86601cd1dc584ee59cd7f45607ea3cc4d79f4
SHA256: 2f64c0bb42e364108eb4a8f7134f5dd59aa64862fe8b1fed62aad9b2757fe4a3
SHA512: 706a25651a10a16833a2ecf96f88442b9920ccd160b140bfccd716fd86547a17824aa34ac220ee331977dd110c488a4e84580f322066a541e88dbe45b02ccadc
SSDEEP: 3072:VX1T/7/i+aCYjYT9IbbrMbvT0q8O1cZPzQ7IXMBc+AMP+QfQEhxFyVU7bm026qes:rTj/i+aCOG9GwvP6bQ7yMP+DE827y0x6
Static task: static1
Behavioral task behavioral1: sample JaffaCakes118_8aa0896372c84465ec2c153ae0e52cea.exe, resource win7-20241023-en
Behavioral task behavioral2: sample JaffaCakes118_8aa0896372c84465ec2c153ae0e52cea.exe, resource win10v2004-20250314-en
Malware Config
Extracted: metasploit
Encoder: encoder/fnstenv_mov
Targets
Signatures
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Metasploit family
- Modifies security service
- Windows security bypass
- Looks for VMWare Tools registry key
- Deletes itself
- Executes dropped EXE
- Windows security modification
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Create or Modify System Process (1)
  - Windows Service (1)
- Pre-OS Boot (1)
  - Bootkit (1)
Defense Evasion
- Impair Defenses (2)
  - Disable or Modify Tools (2)
- Modify Registry (3)
- Pre-OS Boot (1)
  - Bootkit (1)
- Virtualization/Sandbox Evasion (1)