General

  • Target

    7ecf68b67578d1552e18e7122d59d0b6_JaffaCakes118

  • Size

    5.1MB

  • Sample

    241030-mhbjja1fng

  • MD5

    7ecf68b67578d1552e18e7122d59d0b6

  • SHA1

    ec4e8a1e185bcfc6a08a88d0484acef618ca8dcf

  • SHA256

    5b24623774f21fdf9752f62d4882b4a820b8070ccea5a15d30d98a98cbeb8c41

  • SHA512

    baf99760596e60cc58dbfb08b254293a8b74bb38eb70c4b47a152cc4fd573b5c782a982b35907d416367067f8256a883b7aa40c113a0377099fe8638fe173891

  • SSDEEP

    49152:LUAmvbzyUc4R917L8I0HmA8sWb5LhwnRES5cqhywRWaW3aw597Y9pB3Cn:QAW/TP1fA8vb5Gnegcayw45Ki9kb0n

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • ModiLoader Second Stage

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
