General
-
Target
25c023f3b929b3ea1267bc3369407c23_JaffaCakes118
-
Size
781KB
-
Sample
240704-wvhytasall
-
MD5
25c023f3b929b3ea1267bc3369407c23
-
SHA1
ccdefda67f17b302a79a5215dd0aabe24af3eaab
-
SHA256
49508a3ffd45f5dc5ca81655f0861ae8222329a7f7bf2f58efba1f8db5980160
-
SHA512
bdc2b0b988b9a4d41cc1a8183ee5bd912c1cb16b6f661551c5f90d1fbdb5b1343b677ba419107141bc9c6f3205dc02fe1ee72e578f77158722b0df82abedac01
-
SSDEEP
24576:agIdOJwxcdy3IqhkU8CrO4WoSqiaEdThi0n1:pJwGyfRK4WoS5aEDi0n
Behavioral task
behavioral1
Sample
25c023f3b929b3ea1267bc3369407c23_JaffaCakes118.exe
Resource
win7-20240508-en
Malware Config
Targets
-
-
Target
25c023f3b929b3ea1267bc3369407c23_JaffaCakes118
-
Size
781KB
-
MD5
25c023f3b929b3ea1267bc3369407c23
-
SHA1
ccdefda67f17b302a79a5215dd0aabe24af3eaab
-
SHA256
49508a3ffd45f5dc5ca81655f0861ae8222329a7f7bf2f58efba1f8db5980160
-
SHA512
bdc2b0b988b9a4d41cc1a8183ee5bd912c1cb16b6f661551c5f90d1fbdb5b1343b677ba419107141bc9c6f3205dc02fe1ee72e578f77158722b0df82abedac01
-
SSDEEP
24576:agIdOJwxcdy3IqhkU8CrO4WoSqiaEdThi0n1:pJwGyfRK4WoS5aEDi0n
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
2Virtualization/Sandbox Evasion
1