General
Target: 0a2e7973d5e8f4d6b61a319f0979b3d9_JaffaCakes118
Size: 764KB
Sample: 240621-ja4zbsvenk
MD5: 0a2e7973d5e8f4d6b61a319f0979b3d9
SHA1: ec5e4acb489ca1c8e2822826e9cf774c4d0279b0
SHA256: dfe418970b757d06f3daf6440be402e10c55aceacc6804d5a97e63653cc050f0
SHA512: cddf263145013e0577d55b8c41b9dc1e4e62a32a41ac0aadacf79257956a152a274baee59e98c0fb2c3e7ccafd82ad5120ff98b10e6e7b8f59d209ade3bc7501
SSDEEP: 12288:ogxL8BCOm8ZvsqXHo8E+cjrDtnaP+i3ecSNxusZ++x1rJMijV8k3DE2wF4W:og98BCO19XI91rIdehxusZ3txb3DC
Behavioral task: behavioral1
Sample: 0a2e7973d5e8f4d6b61a319f0979b3d9_JaffaCakes118.exe
Resource: win7-20240508-en
Malware Config
Targets
Target: 0a2e7973d5e8f4d6b61a319f0979b3d9_JaffaCakes118
Size: 764KB
Score: 10/10
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Deletes itself
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)
- Impair Defenses (1)
- Disable or Modify Tools (1)
- Modify Registry (3)
- Virtualization/Sandbox Evasion (1)