General
-
Target
JaffaCakes118_78f01f5f688b1941231aa9f3ef666670
-
Size
320KB
-
Sample
250104-lg71nswjcj
-
MD5
78f01f5f688b1941231aa9f3ef666670
-
SHA1
99c95580497532048e734959f394e16483432c99
-
SHA256
34b88c8aa8664a6cee184a38e8960b53a6afb2fb65f411d4b0392bf9a2bb8b9f
-
SHA512
7c8b8c2d2aa0a757a8a098634982691da6b8650c008daf2b67ad9ebf51a3038580f785728f0f698dbdba7558b224d53fd58a00cea16fb6efe4b9cbbf0ff1f478
-
SSDEEP
6144:XktqQ7kFhx3EMmfSYUcH9nK8xsnMi1M0gdDTn:0tPif2EIgJ1M0QDTn
Malware Config
Targets
-
-
Target
JaffaCakes118_78f01f5f688b1941231aa9f3ef666670
-
Size
320KB
-
MD5
78f01f5f688b1941231aa9f3ef666670
-
SHA1
99c95580497532048e734959f394e16483432c99
-
SHA256
34b88c8aa8664a6cee184a38e8960b53a6afb2fb65f411d4b0392bf9a2bb8b9f
-
SHA512
7c8b8c2d2aa0a757a8a098634982691da6b8650c008daf2b67ad9ebf51a3038580f785728f0f698dbdba7558b224d53fd58a00cea16fb6efe4b9cbbf0ff1f478
-
SSDEEP
6144:XktqQ7kFhx3EMmfSYUcH9nK8xsnMi1M0gdDTn:0tPif2EIgJ1M0QDTn
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
Checks for common network interception software
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
-
Looks for VirtualBox Guest Additions in registry
-
ModiLoader Second Stage
-
Adds policy Run key to start application
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2