General

  • Target

    1c101db2daf76a3fd49172ed7855abfe_JaffaCakes118

  • Size

    562KB

  • Sample

    240506-mjsjfaha9t

  • MD5

    1c101db2daf76a3fd49172ed7855abfe

  • SHA1

    fdcb04aeef75df5b7c5635054654292d893e4dd9

  • SHA256

    1dd0bf89c416a276deb5bba33d65a8a0c5a5653e4f9d3178d6745313b1416f81

  • SHA512

    3ead35c9dba09e421359f4eed7cbf92b0e7f46920f88fb5e62be13051476efaf3ca722786c960c2095b9813268eefdce3196e8b8ce15f21c81a887738fb6f1f9

  • SSDEEP

    12288:nxibnc/66oWkCd5JGtsu8e4DTUqwJSGDnzQcle4ySC7swBOZxQ:x6i6jl45JWsuN4HwQ8byF73OZW

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Checks for common network interception software

      Looks in the registry for tools such as Wireshark or Fiddler, which are commonly used to analyze network activity.

    • Looks for VirtualBox Guest Additions in registry

    • ModiLoader Second Stage

    • Adds policy Run key to start application

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Deletes itself

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks