General

  • Target

    25a88764aa83912f104e5af0b2bed854_JaffaCakes118

  • Size

    796KB

  • Sample

    240704-v9wb1s1apl

  • MD5

    25a88764aa83912f104e5af0b2bed854

  • SHA1

    b71f8de3d10a7f11fb918b9f860696f32ce56ee4

  • SHA256

    a0e9c6f24d3be919d403d20ad0f96f4a20170c7095ba0a2993a7ea0da7bb2bff

  • SHA512

    e454bb20956950b3f078e39d57fd19dc79f78a0c7181fcddd6a53f5792e4ce687269c0e9473dc7e1b4bd7879f712f8e58b5546c392e09d13314f63d7b43745f0

  • SSDEEP

    24576:b8hdCK0yXdOkdIrHJ0OdYjlaZ5+8OOzfRpeA4:bUpvdIndYxi5NOmJpY

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Deletes itself

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks