General
-
Target
191f37c776f48d96f6a534a16bae86e4_JaffaCakes118
-
Size
1.3MB
-
Sample
240628-g9xyysybml
-
MD5
191f37c776f48d96f6a534a16bae86e4
-
SHA1
8a2c106422b6ad500f169d00742368fb9e01cdf5
-
SHA256
57475bd03d21854ad7a41906c12438220f5976e2dc960e923631aec4984e57ad
-
SHA512
abd1d05515900fdf98ae4dde04b9184bb98c69b966ae881df3ff89106c0256aae969e1935e4423635106f1e2c75b69835275e6f5ef2f27979372c14dae6ada94
-
SSDEEP
24576:Klf3/bGmXrUH5YPh4sN0PGlLhkBY9i2GWGNkFTGKGYCF8:Klfv3Xr8YGsN0enkUiDWHFTGKFCC
Static task
static1
Behavioral task
behavioral1
Sample
191f37c776f48d96f6a534a16bae86e4_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
191f37c776f48d96f6a534a16bae86e4_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
191f37c776f48d96f6a534a16bae86e4_JaffaCakes118
-
Size
1.3MB
-
MD5
191f37c776f48d96f6a534a16bae86e4
-
SHA1
8a2c106422b6ad500f169d00742368fb9e01cdf5
-
SHA256
57475bd03d21854ad7a41906c12438220f5976e2dc960e923631aec4984e57ad
-
SHA512
abd1d05515900fdf98ae4dde04b9184bb98c69b966ae881df3ff89106c0256aae969e1935e4423635106f1e2c75b69835275e6f5ef2f27979372c14dae6ada94
-
SSDEEP
24576:Klf3/bGmXrUH5YPh4sN0PGlLhkBY9i2GWGNkFTGKGYCF8:Klfv3Xr8YGsN0enkUiDWHFTGKFCC
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3Virtualization/Sandbox Evasion
1