General

  • Target

    9b93520faa88b85b354caafe082ac78c_JaffaCakes118

  • Size

    5.2MB

  • Sample

    241125-p1yg5atnbj

  • MD5

    9b93520faa88b85b354caafe082ac78c

  • SHA1

    0fc1a91f3e2e0169f4ec485271462efe0009e8d5

  • SHA256

    c32dba544a6618d4a8028b7ee99c6405d5a686bb0231f1210f64027f1fa61176

  • SHA512

    ed95e5c910d35972cfbfed99522af44a2bd49516cb65a303f6152c976f56d601683cd467373ce0f871a2bcbad51e9463a34325fe443c703a30f2b86c8da58012

  • SSDEEP

    49152:ismZ0BJvyS9EQplsPhTpx29ZeTsq7stO5UNHeMAFr/U:ipZ03vpmk6ha9AstOiIz5

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • ModiLoader Second Stage

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks