General

  • Target

    0a2e7973d5e8f4d6b61a319f0979b3d9_JaffaCakes118

  • Size

    764KB

  • Sample

    240621-ja4zbsvenk

  • MD5

    0a2e7973d5e8f4d6b61a319f0979b3d9

  • SHA1

    ec5e4acb489ca1c8e2822826e9cf774c4d0279b0

  • SHA256

    dfe418970b757d06f3daf6440be402e10c55aceacc6804d5a97e63653cc050f0

  • SHA512

    cddf263145013e0577d55b8c41b9dc1e4e62a32a41ac0aadacf79257956a152a274baee59e98c0fb2c3e7ccafd82ad5120ff98b10e6e7b8f59d209ade3bc7501

  • SSDEEP

    12288:ogxL8BCOm8ZvsqXHo8E+cjrDtnaP+i3ecSNxusZ++x1rJMijV8k3DE2wF4W:og98BCO19XI91rIdehxusZ3txb3DC

Malware Config

Targets

    • Target

      0a2e7973d5e8f4d6b61a319f0979b3d9_JaffaCakes118

    • Size

      764KB

    • MD5

      0a2e7973d5e8f4d6b61a319f0979b3d9

    • SHA1

      ec5e4acb489ca1c8e2822826e9cf774c4d0279b0

    • SHA256

      dfe418970b757d06f3daf6440be402e10c55aceacc6804d5a97e63653cc050f0

    • SHA512

      cddf263145013e0577d55b8c41b9dc1e4e62a32a41ac0aadacf79257956a152a274baee59e98c0fb2c3e7ccafd82ad5120ff98b10e6e7b8f59d209ade3bc7501

    • SSDEEP

      12288:ogxL8BCOm8ZvsqXHo8E+cjrDtnaP+i3ecSNxusZ++x1rJMijV8k3DE2wF4W:og98BCO19XI91rIdehxusZ3txb3DC

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Deletes itself

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment; checking for its registry keys is a common sandbox-evasion technique.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
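The signature list above names behaviours without showing what they look like in an API trace. The following is an added example, not the sandbox's own signature engine and not code from the sample: a small Python detector that runs the same checks over a constructed JSON-lines trace (the paths, the dropped file name `Xwcbtj.exe`, the PID and the event layout are all made up for illustration). It uses the real artefacts each signature keys on: the `HKCU\Software\Wine` key, the `EnableLUA` value under `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`, the `CurrentVersion\Run` key, `NtSetInformationThread` with `THREADINFOCLASS` 17 (`ThreadHideFromDebugger`), execution of a file the process itself wrote, and a `cmd.exe ... del` of the process's own image.

```python
"""Toy detector for the behaviours listed in the report's signature section.

Added example; the trace below is constructed and not taken from the sample.
"""
import json
import re

THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS ThreadHideFromDebugger (17)

# Registry paths each signature keys on (case-insensitive).
WINE_KEY_RE = re.compile(r"\\Software\\Wine(\\|$)", re.IGNORECASE)
UAC_KEY_RE = re.compile(r"\\CurrentVersion\\Policies\\System$", re.IGNORECASE)
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
DEL_CMD_RE = re.compile(r"\bdel\b", re.IGNORECASE)

# Constructed API trace (one JSON object per line). Not real sample output.
SAMPLE_TRACE = r"""
{"pid": 1204, "image": "C:\\Users\\user\\Desktop\\sample.exe", "api": "RegOpenKeyExW", "args": {"key": "HKEY_CURRENT_USER\\Software\\Wine"}, "ret": 2}
{"pid": 1204, "image": "C:\\Users\\user\\Desktop\\sample.exe", "api": "RegQueryValueExW", "args": {"key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", "value": "EnableLUA"}, "ret": 0}
{"pid": 1204, "image": "C:\\Users\\user\\Desktop\\sample.exe", "api": "RegQueryValueExW", "args": {"key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", "value": "ProductName"}, "ret": 0}
{"pid": 1204, "image": "C:\\Users\\user\\Desktop\\sample.exe", "api": "NtSetInformationThread", "args": {"thread": -2, "info_class": 17}, "ret": 0}
{"pid": 1204, "image": "C:\\Users\\user\\Desktop\\sample.exe", "api": "NtWriteFile", "args": {"path": "C:\\Users\\user\\AppData\\Roaming\\Xwcbtj.exe", "length": 781312}, "ret": 0}
{"pid": 1204, "image": "C:\\Users\\user\\Desktop\\sample.exe", "api": "RegSetValueExW", "args": {"key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "value": "Xwcbtj", "data": "C:\\Users\\user\\AppData\\Roaming\\Xwcbtj.exe"}, "ret": 0}
{"pid": 1204, "image": "C:\\Users\\user\\Desktop\\sample.exe", "api": "CreateProcessW", "args": {"image": "C:\\Users\\user\\AppData\\Roaming\\Xwcbtj.exe"}, "ret": 1}
{"pid": 1204, "image": "C:\\Users\\user\\Desktop\\sample.exe", "api": "CreateProcessW", "args": {"image": "C:\\Windows\\System32\\cmd.exe", "cmdline": "cmd.exe /c ping 127.0.0.1 -n 3 & del \"C:\\Users\\user\\Desktop\\sample.exe\""}, "ret": 1}
"""


def parse_trace(text):
    """Parse a JSON-lines API trace into a list of event dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def analyze(events):
    """Return {signature name: [event indices that triggered it]}.

    The dropped-EXE rule is stateful: it remembers every path the process
    wrote and fires when a later CreateProcess launches one of them.
    """
    hits = {}
    written = set()  # lower-cased paths this process has written to

    def hit(name, idx):
        hits.setdefault(name, []).append(idx)

    for i, ev in enumerate(events):
        api = ev["api"]
        args = ev.get("args", {})
        if api.startswith(("RegOpenKey", "RegQueryValue")):
            key = args.get("key", "")
            if WINE_KEY_RE.search(key):
                hit("Identifies Wine through registry keys", i)
            if UAC_KEY_RE.search(key) and args.get("value", "").lower() == "enablelua":
                hit("Checks whether UAC is enabled", i)
        elif api.startswith("RegSetValue"):
            if RUN_KEY_RE.search(args.get("key", "")):
                hit("Adds Run key to start application", i)
        elif api == "NtSetInformationThread":
            if args.get("info_class") == THREAD_HIDE_FROM_DEBUGGER:
                hit("Suspicious use of NtSetInformationThreadHideFromDebugger", i)
        elif api in ("NtWriteFile", "WriteFile"):
            written.add(args.get("path", "").lower())
        elif api.startswith("CreateProcess"):
            if args.get("image", "").lower() in written:
                hit("Executes dropped EXE", i)
            cmdline = args.get("cmdline", "")
            own_image = ev.get("image", "").lower()
            # Self-deletion via a child cmd.exe that runs "del <own image>".
            if own_image and DEL_CMD_RE.search(cmdline) and own_image in cmdline.lower():
                hit("Deletes itself", i)
    return hits


if __name__ == "__main__":
    for name, idxs in analyze(parse_trace(SAMPLE_TRACE)).items():
        print(f"{name}: events {idxs}")
```

The rules are deliberately narrow: a real engine would also match the `ping`-then-`del` batch idiom without the full path, treat a `DeleteFileW` on the process's own image as self-deletion, and correlate the Run-key `data` value with the dropped file so the persistence and drop signatures point at the same artefact.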

MITRE ATT&CK Enterprise v15

Tasks