General
Target: fb6d20f65b416175e7e143e6788c3d80_JaffaCakes118
Size: 3.5MB
Sample: 240928-d7dkravelj
MD5: fb6d20f65b416175e7e143e6788c3d80
SHA1: 57b37e800038b0b715e821ecf022819358f9d778
SHA256: fe5d79f5ea53a484afc369cea2d69b58c1d49566abf34b14903844fe8ae45393
SHA512: 130b37dc8cad2021e61b0b17f23a7034ee015b257b0510e063d1ca4e5599b9f9d5e2902d0201fa1bb2bbcfee142ba8569b56e0a1cd6da6a5f613a5eaa4a97afe
SSDEEP: 98304:7x1ip0aTD1md0aQr5B9/Gxqcgar6SoXueiQA:F40UcdNQr5jH7arLoXviQA
Static task: static1
Behavioral task: behavioral1
  Sample: fb6d20f65b416175e7e143e6788c3d80_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: fb6d20f65b416175e7e143e6788c3d80_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: fb6d20f65b416175e7e143e6788c3d80_JaffaCakes118 (3.5MB; hashes identical to the General section above)
ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
ModiLoader Second Stage
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
Loads dropped DLL
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (1)
    Disable or Modify Tools (1)
  Modify Registry (3)
  Virtualization/Sandbox Evasion (1)