General

  • Target

    fb6d20f65b416175e7e143e6788c3d80_JaffaCakes118

  • Size

    3.5MB

  • Sample

    240928-d7dkravelj

  • MD5

    fb6d20f65b416175e7e143e6788c3d80

  • SHA1

    57b37e800038b0b715e821ecf022819358f9d778

  • SHA256

    fe5d79f5ea53a484afc369cea2d69b58c1d49566abf34b14903844fe8ae45393

  • SHA512

    130b37dc8cad2021e61b0b17f23a7034ee015b257b0510e063d1ca4e5599b9f9d5e2902d0201fa1bb2bbcfee142ba8569b56e0a1cd6da6a5f613a5eaa4a97afe

  • SSDEEP

    98304:7x1ip0aTD1md0aQr5B9/Gxqcgar6SoXueiQA:F40UcdNQr5jH7arLoXviQA

Malware Config

Targets

    • Target

      fb6d20f65b416175e7e143e6788c3d80_JaffaCakes118

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Network Share Discovery

      Attempts to gather information on the host network.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks
