General
-
Target
JaffaCakes118_6bb927f58f83ef088dc1e3c5294f3410
-
Size
344KB
-
Sample
250103-lm539sxmdy
-
MD5
6bb927f58f83ef088dc1e3c5294f3410
-
SHA1
269a78bd0d4c537a822a01bc9e315e5b03f73e51
-
SHA256
e68d0193879ab5a0c533dd1f4340040dcd2968c8a9b4840ef95122a0d096b147
-
SHA512
e9901f1e6d68981ff0654b1eba4a680a0fda327d0a982e86457561fc561ef49a3b7b40da5354054319a9c0603cd694d79d54fdd4700a5c836ddb08c3df5976d2
-
SSDEEP
6144:Zu1cbOp7CGR6SF6/t0oZYG/uZWttmdNautb5r0PTF:QibOpml1R1mZWTXCO5
Malware Config
Targets
-
-
Target
JaffaCakes118_6bb927f58f83ef088dc1e3c5294f3410
-
Size
344KB
-
MD5
6bb927f58f83ef088dc1e3c5294f3410
-
SHA1
269a78bd0d4c537a822a01bc9e315e5b03f73e51
-
SHA256
e68d0193879ab5a0c533dd1f4340040dcd2968c8a9b4840ef95122a0d096b147
-
SHA512
e9901f1e6d68981ff0654b1eba4a680a0fda327d0a982e86457561fc561ef49a3b7b40da5354054319a9c0603cd694d79d54fdd4700a5c836ddb08c3df5976d2
-
SSDEEP
6144:Zu1cbOp7CGR6SF6/t0oZYG/uZWttmdNautb5r0PTF:QibOpml1R1mZWTXCO5
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
Checks for common network interception software
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
-
Looks for VirtualBox Guest Additions in registry
-
ModiLoader Second Stage
-
Adds policy Run key to start application
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2