General
Target: ccfcc7f5e81fcbd91154fbe8b619b4bc_JaffaCakes118
Size: 566KB
Sample: 240831-rxvyyaycrc
MD5: ccfcc7f5e81fcbd91154fbe8b619b4bc
SHA1: a66af74229ee94cc21a0e41da34a62bac56403f1
SHA256: 76d567e13a7cb9d97682944975accbeb0c4f3f6858ab84f64af849c4d5df25bb
SHA512: f9448886b119c179e89ac852578bc8c4fcb47093416392fce28f0032d0d4b34c33a98d89d964a424b62a9119c7c8d12fa37f53b4daef64bfb5c3d904bf7e3d18
SSDEEP: 12288:WWTb+eCPaQnpt3SV7gO1Q6NIm5OgpiKMCIwLnw8SmU+ICD9r:WWT4PayptiVMO1ZNiWnw8D1r
Static task: static1
Behavioral task: behavioral1
  Sample: ccfcc7f5e81fcbd91154fbe8b619b4bc_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: ccfcc7f5e81fcbd91154fbe8b619b4bc_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Score: 10/10
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Checks for common network interception software: Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
- Looks for VirtualBox Guest Additions in registry
- ModiLoader Second Stage
- Adds policy Run key to start application
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Adds Run key to start application
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (2)