General

  • Target

    25392a5ce7f40affefba9be7db7a5fe0_JaffaCakes118

  • Size

    2.6MB

  • Sample

    240704-j1xb6stglg

  • MD5

    25392a5ce7f40affefba9be7db7a5fe0

  • SHA1

    b81ea515a834d4c7a549277f6f59b282d187a61c

  • SHA256

    590a30f9410ef7c6faa13fc8e82446adf4b3c2219f76b4a506c31f9f070a6b61

  • SHA512

    68573eb43ebe2867c56855ff5f4919bf8b2ee80423814b4a0e4aa0d1c910a141f9a6ce2a3b4cfa5c193327ac489a850c7c416b7af7c218ce308520dcb60fddf6

  • SSDEEP

    49152:dbVhjM3E50Dv/EplF+2YNtZXXFjAseTKA2PFbaKSgjDjOouPpR040a:NfiE5lpzRiXXBAseTKA2PZa5gjHqphZ

Malware Config

Targets

    • Target

      25392a5ce7f40affefba9be7db7a5fe0_JaffaCakes118

    • Size

      2.6MB

    • MD5

      25392a5ce7f40affefba9be7db7a5fe0

    • SHA1

      b81ea515a834d4c7a549277f6f59b282d187a61c

    • SHA256

      590a30f9410ef7c6faa13fc8e82446adf4b3c2219f76b4a506c31f9f070a6b61

    • SHA512

      68573eb43ebe2867c56855ff5f4919bf8b2ee80423814b4a0e4aa0d1c910a141f9a6ce2a3b4cfa5c193327ac489a850c7c416b7af7c218ce308520dcb60fddf6

    • SSDEEP

      49152:dbVhjM3E50Dv/EplF+2YNtZXXFjAseTKA2PFbaKSgjDjOouPpR040a:NfiE5lpzRiXXBAseTKA2PZa5gjHqphZ

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Checks BIOS information in registry

      BIOS information is often read from the registry to detect sandboxed or virtualised environments, whose BIOS vendor and version strings differ from those of physical hardware.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
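The four anti-analysis signatures above each correspond to a small set of registry reads or one native API call. As an added illustration (not Tria.ge's or ModiLoader's code), the Python below shows detection logic that maps behaviour events to those signature names and runs it over a constructed event trace. The Event record format and the sample events are assumptions made for this example; the registry paths and the ThreadHideFromDebugger constant (0x11) are the ones these checks are known to use.

```python
"""Map constructed sandbox behaviour events to the signature names listed above.

Added illustration, not Tria.ge code. The Event format and SAMPLE_EVENTS are
constructed for this example and are not a real trace of the sample.
"""
from dataclasses import dataclass, field

# Registry values whose contents reveal a hypervisor or sandbox (vendor strings
# such as VMware, VirtualBox or QEMU appear here on virtualised hosts).
BIOS_VALUES = {
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion",
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer",
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName",
}
# Keys that exist only under Wine; native Windows has no Software\Wine key.
WINE_KEYS = {r"HKCU\Software\Wine", r"HKLM\Software\Wine"}
# EnableLUA == 0 means UAC is disabled.
UAC_VALUE = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"
# THREADINFOCLASS ThreadHideFromDebugger: a thread set this way stops
# delivering debug events, so an attached debugger loses visibility of it.
THREAD_HIDE_FROM_DEBUGGER = 0x11

SIGNATURE_ORDER = [
    "Checks BIOS information in registry",
    "Identifies Wine through registry keys",
    "Checks whether UAC is enabled",
    "Suspicious use of NtSetInformationThreadHideFromDebugger",
]


@dataclass
class Event:
    """One behaviour record: a registry query or a native API call (constructed format)."""
    pid: int
    kind: str                 # "regquery" or "apicall"
    target: str               # registry path or API name
    args: dict = field(default_factory=dict)


def _norm(path: str) -> str:
    """Canonicalise hive aliases, slashes and case so path comparison is reliable."""
    return (path.replace("HKEY_LOCAL_MACHINE", "HKLM")
                .replace("HKEY_CURRENT_USER", "HKCU")
                .replace("/", "\\")
                .lower())


_BIOS = {_norm(v) for v in BIOS_VALUES}
_WINE = [_norm(k) for k in WINE_KEYS]
_UAC = _norm(UAC_VALUE)


def classify_event(ev: Event):
    """Return the signature name an event triggers, or None."""
    if ev.kind == "regquery":
        p = _norm(ev.target)
        if p in _BIOS:
            return SIGNATURE_ORDER[0]
        # Match the Wine key itself or anything beneath it.
        if any(p == k or p.startswith(k + "\\") for k in _WINE):
            return SIGNATURE_ORDER[1]
        if p == _UAC:
            return SIGNATURE_ORDER[2]
    elif ev.kind == "apicall" and ev.target == "NtSetInformationThread":
        if ev.args.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER:
            return SIGNATURE_ORDER[3]
    return None


def signatures(events):
    """Signatures hit by a run, in the report's order, each with its triggering events."""
    hits = {}
    for ev in events:
        name = classify_event(ev)
        if name:
            hits.setdefault(name, []).append(ev)
    return [(name, hits[name]) for name in SIGNATURE_ORDER if name in hits]


# Constructed events; not a real trace of this sample.
SAMPLE_EVENTS = [
    Event(4120, "regquery", r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"),
    Event(4120, "regquery", r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion"),
    Event(4120, "regquery", r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion"),
    Event(4120, "regquery", r"HKEY_CURRENT_USER\Software\Wine"),
    Event(4120, "regquery", r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"),
    Event(4120, "apicall", "NtSetInformationThread", {"ThreadInformationClass": 0x11}),
    Event(4120, "apicall", "NtSetInformationThread", {"ThreadInformationClass": 0x0}),  # other class, not flagged
]

if __name__ == "__main__":
    for name, evs in signatures(SAMPLE_EVENTS):
        print(f"{name}: {len(evs)} event(s)")
```

The ordinary ProductName read and the NtSetInformationThread call with a different information class are deliberately included so the logic is seen to ignore benign registry and API activity; only the specific BIOS values, the Wine key subtree, the EnableLUA value and information class 0x11 produce hits.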

MITRE ATT&CK Enterprise v15

Tasks