General

  • Target

    830eebe6df9b3a630e5f1121edf9b6e0_JaffaCakes118

  • Size

    2.6MB

  • Sample

    241031-pw69gayfrj

  • MD5

    830eebe6df9b3a630e5f1121edf9b6e0

  • SHA1

    4bc91575fcd1e1d23d29173e46e6b3799dfd356a

  • SHA256

    133d300f84e5618555830faf95b9e18d476baf6632f3fe7ddcea80edcf8e26d9

  • SHA512

    4e0dc4b58fba5a0db76f330bf4fa7e1ee927a784fd41fa22d9e4558215c4b7a537cc2553d305f26bfe0597f64e38600b5e54ea202e26ec09ca5a4ca92caec5f0

  • SSDEEP

    49152:jZL0aQAKFCXmYXjXOWd+hikewCSCOcjCjF/KYmP/yJOnpvkJMLJz:jZL0EKCXmYXjX7hwDBix6QpMJMLJz

Targets

    • Target

      830eebe6df9b3a630e5f1121edf9b6e0_JaffaCakes118

    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a loader written in Delphi that abuses public cloud file-hosting services to retrieve and execute further malware families.

    • Modiloader family

    • ModiLoader Second Stage

    • Checks BIOS information in registry

      BIOS and firmware strings exposed through the registry (for example SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System) name the hypervisor on most analysis VMs, so loaders read them to detect a sandbox before unpacking the next stage.

    • Identifies Wine through registry keys

      Wine is a compatibility layer that runs Windows applications on other operating systems and is used by some sandboxes; it creates a Software\Wine registry key that native Windows does not have, so its presence signals an analysis environment.

    • Checks whether UAC is enabled

      Typically done by reading the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, which tells the loader whether later elevation or persistence steps will raise a consent prompt.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger class (0x11) stops the kernel from delivering that thread's debug events to an attached debugger; a breakpoint hit in the thread then terminates the process instead of breaking, a common anti-debugging measure.

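The following PowerShell script is an added example written for this page; it is not code from the report and not ModiLoader's own code. It reproduces, from the analyst's side, the four environment checks the sandbox flagged (BIOS strings in the registry, the Wine key, the UAC EnableLUA value, and NtSetInformationThread with ThreadHideFromDebugger) so you can see what your analysis VM exposes to the sample. The registry paths are the standard locations for these checks; the hypervisor marker list, the P/Invoke wrapper class and all function names are assumptions made for illustration, not values taken from the sample.

```powershell
# Added example for this page, not code from the report or from ModiLoader.
# Registry paths are the standard ones; marker list and names are assumed.

function Get-BiosRegistryStrings {
    # HKLM\HARDWARE\DESCRIPTION\System holds SystemBiosVersion / VideoBiosVersion
    # (REG_MULTI_SZ); the BIOS subkey holds the SMBIOS vendor and product strings.
    $sys  = Get-ItemProperty -Path 'HKLM:\HARDWARE\DESCRIPTION\System' -ErrorAction SilentlyContinue
    $bios = Get-ItemProperty -Path 'HKLM:\HARDWARE\DESCRIPTION\System\BIOS' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        SystemBiosVersion  = ($sys.SystemBiosVersion -join ' ')
        VideoBiosVersion   = ($sys.VideoBiosVersion  -join ' ')
        BIOSVendor         = [string]$bios.BIOSVendor
        SystemManufacturer = [string]$bios.SystemManufacturer
        SystemProductName  = [string]$bios.SystemProductName
    }
}

function Find-HypervisorMarker {
    param([string[]]$Strings)
    # Assumed, representative substrings; the sample's own list is not in the report.
    $markers = 'VMware', 'VirtualBox', 'VBOX', 'QEMU', 'Bochs', 'Xen', 'Parallels', 'Virtual Machine'
    foreach ($s in $Strings) {
        foreach ($m in $markers) {
            if ($s -and $s.IndexOf($m, [StringComparison]::OrdinalIgnoreCase) -ge 0) { return $m }
        }
    }
    return $null
}

function Test-WineRegistry {
    # Wine populates Software\Wine; native Windows does not.
    (Test-Path 'HKCU:\Software\Wine') -or (Test-Path 'HKLM:\SOFTWARE\Wine')
}

function Get-UacEnabled {
    $p = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    # EnableLUA is normally present; treat an absent value as the OS default (enabled).
    if ($null -eq $p.EnableLUA) { return $true }
    return ($p.EnableLUA -ne 0)
}

# P/Invoke wrappers (assumed class name) for the ThreadHideFromDebugger (0x11) check.
# Setting it takes a NULL buffer of length 0; querying it returns a 1-byte BOOLEAN.
if (-not ('NtThread' -as [type])) {
    Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
public static class NtThread {
    public const int ThreadHideFromDebugger = 0x11;
    [DllImport("ntdll.dll")]
    public static extern int NtSetInformationThread(IntPtr thread, int infoClass, IntPtr info, int length);
    [DllImport("ntdll.dll")]
    public static extern int NtQueryInformationThread(IntPtr thread, int infoClass, out byte info, int length, IntPtr returnLength);
    [DllImport("kernel32.dll")]
    public static extern IntPtr GetCurrentThread();
}
'@
}

function Test-ThreadHiddenFromDebugger {
    param([switch]$Hide)
    $h = [NtThread]::GetCurrentThread()
    if ($Hide) {
        # This is the call the sandbox signature fires on.
        $status = [NtThread]::NtSetInformationThread($h, [NtThread]::ThreadHideFromDebugger, [IntPtr]::Zero, 0)
        if ($status -ne 0) { throw ('NtSetInformationThread failed: 0x{0:X8}' -f $status) }
    }
    [byte]$hidden = 0
    $status = [NtThread]::NtQueryInformationThread($h, [NtThread]::ThreadHideFromDebugger, [ref]$hidden, 1, [IntPtr]::Zero)
    if ($status -ne 0) { throw ('NtQueryInformationThread failed: 0x{0:X8}' -f $status) }
    return [bool]$hidden
}

function Invoke-SandboxExposureCheck {
    $bios = Get-BiosRegistryStrings
    [pscustomobject]@{
        HypervisorMarker    = Find-HypervisorMarker -Strings @($bios.PSObject.Properties.Value)
        BiosStrings         = $bios
        WineRegistryPresent = Test-WineRegistry
        UacEnabled          = Get-UacEnabled
        HiddenBeforeSet     = Test-ThreadHiddenFromDebugger
        HiddenAfterSet      = Test-ThreadHiddenFromDebugger -Hide
    }
}

Invoke-SandboxExposureCheck | Format-List
```

Run it inside the throwaway analysis VM, not on a workstation: the -Hide call detaches the current thread from any debugger for the life of the process, so a breakpoint hit in that thread afterwards kills the session rather than breaking. A non-null HypervisorMarker or a true WineRegistryPresent means the sample's registry checks would already distinguish the VM from a victim host; the sandbox flags the NtSetInformationThread call itself, regardless of whether a debugger is attached.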