General
Target: 25a88764aa83912f104e5af0b2bed854_JaffaCakes118
Size: 796KB
Sample: 240704-v9wb1s1apl
MD5: 25a88764aa83912f104e5af0b2bed854
SHA1: b71f8de3d10a7f11fb918b9f860696f32ce56ee4
SHA256: a0e9c6f24d3be919d403d20ad0f96f4a20170c7095ba0a2993a7ea0da7bb2bff
SHA512: e454bb20956950b3f078e39d57fd19dc79f78a0c7181fcddd6a53f5792e4ce687269c0e9473dc7e1b4bd7879f712f8e58b5546c392e09d13314f63d7b43745f0
SSDEEP: 24576:b8hdCK0yXdOkdIrHJ0OdYjlaZ5+8OOzfRpeA4:bUpvdIndYxi5NOmJpY
Behavioral task: behavioral1
Sample: 25a88764aa83912f104e5af0b2bed854_JaffaCakes118.exe
Resource: win7-20240611-en
Malware Config
Targets
Signatures
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Deletes itself
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Impair Defenses (1): Disable or Modify Tools (1)
- Modify Registry (3)
- Virtualization/Sandbox Evasion (1)