General

  • Target

    08c7f214ff30a45940054cc2046a91e3_JaffaCakes118

  • Size

    152KB

  • Sample

    240430-cjhn5ahh4t

  • MD5

    08c7f214ff30a45940054cc2046a91e3

  • SHA1

    c0922f28a20be2522f661be00e3c48fff4805da5

  • SHA256

    59bba56f65c96191523e90851110f331833440def8154294dce7edbfb750a8c7

  • SHA512

    d8b6bccde9555c23f7df99281f2ca2c4981367b5d2288f47911a72c64abc26e208a9260183144ddca27ff3adb1292e1a12110db2dd96b863cbfa6d38db41191d

  • SSDEEP

    3072:SEWYYSD+v8jWKtLwKIzSczRjJnLLSUgglXmDk9c60vcKpbpbAzuBKXAZY:5WPeWaLdISmVnaUggEDQ0vzbbAzzXAZY

Malware Config

Targets

    • Target

      H2WCheat.exe

    • Size

      156KB

    • MD5

      24ac20bd822d58c479eae5ebbce978e3

    • SHA1

      c11f7568767542039bc41154edeafa696566d42a

    • SHA256

      bc54df2e0a9853c0cbe1407c1a6d4de3213a32ea6ab1d7a6777e8a94e7fe32eb

    • SHA512

      8a55ee2f4aa3dbd77a85c1bb3a2ee357d86d1aefd6d26c597411940c347b7cd855b9556c69818add69363ec11ee670c4ed515c27e96164a82347dd015c96ea41

    • SSDEEP

      3072:EGbHwx3GsAFyQbXO0kwXmFRqAh+7QouCv8BATTy+zL9GwqRlcBapeEdmIMyXE:EG7u6jrkwvKaXR0cyYLF6lcBapBdd

    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a loader written in Delphi that abuses legitimate cloud file-hosting services to download and launch additional malware families.

    • ModiLoader Second Stage

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build. Packing by itself is not malicious, but modified builds commonly rename the UPX0/UPX1 sections or strip the UPX header markers so that a stock "upx -d" refuses to unpack the file.

    • Adds Run key to start application

      Persistence: the sample writes a value under a Windows\CurrentVersion\Run registry key (HKCU or HKLM) so that it is started again at each user logon.
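
To reproduce the "UPX packed file" check on a file of your own, the following is an added example written for this page; it is not the sandbox's detector and does not touch the real H2WCheat.exe. It walks the MZ/PE headers by hand, reads the section table, and applies three cheap UPX tells: the stock UPX0/UPX1 section names, the "UPX!" magic that stock UPX leaves in the header area, and an empty first section (UPX0 has zero bytes on disk but a large virtual size, which survives even when a modified build renames everything). The build_pe helper and the three sample images are constructed for offline testing.

```python
import struct
from typing import Dict, List, Tuple

# Section names written by stock UPX; modified builds usually rename them.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}

SECTION_HDR = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def pe_sections(data: bytes) -> List[Dict]:
    """Walk the MZ/PE headers and return the section table as dicts."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        f = struct.unpack_from(SECTION_HDR, data, table + i * 40)
        sections.append({
            "name": f[0].rstrip(b"\0"),
            "virtual_size": f[1],
            "virtual_address": f[2],
            "raw_size": f[3],
            "raw_ptr": f[4],
            "characteristics": f[9],
        })
    return sections


def upx_indicators(data: bytes) -> Dict:
    """Three cheap UPX tells: section names, the 'UPX!' header magic, and an
    empty first section (UPX0 is the unpack destination, zero bytes on disk)."""
    secs = pe_sections(data)
    names = [s["name"] for s in secs]
    upx_names = [n for n in names if n in UPX_SECTION_NAMES]
    upx_magic = b"UPX!" in data[:4096]  # stock UPX keeps its l_info block in the header area
    empty_first = bool(secs) and secs[0]["raw_size"] == 0 and secs[0]["virtual_size"] > 0
    if upx_names or upx_magic:
        verdict = "upx"
    elif empty_first:
        verdict = "suspected-modified-upx"  # markers stripped, layout still UPX-like
    else:
        verdict = "not-upx"
    return {"sections": names, "upx_names": upx_names, "upx_magic": upx_magic,
            "empty_first_section": empty_first, "verdict": verdict}


def build_pe(sections: List[Tuple[bytes, int, bytes]], upx_magic: bool = False) -> bytes:
    """Constructed minimal PE32 image for offline testing; not a real sample."""
    opt_size = 224  # PE32 optional header
    header_len = 64 + 4 + 20 + opt_size + 40 * len(sections)
    raw_start = (header_len + 4 + 0x1FF) & ~0x1FF  # next 512-byte file alignment
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    optional = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    table, raw, ptr, va = b"", b"", raw_start, 0x1000
    for name, vsize, payload in sections:
        table += struct.pack(SECTION_HDR, name.ljust(8, b"\0"), vsize, va, len(payload),
                             ptr if payload else 0, 0, 0, 0, 0, 0x60000020)
        raw += payload
        ptr += len(payload)
        va += (vsize + 0xFFF) & ~0xFFF
    pad = b"\0" * (raw_start - header_len)
    if upx_magic:
        pad = b"UPX!" + pad[4:]
    return dos + coff + optional + table + pad + raw


# Constructed inputs: a stock-UPX layout, the same layout with markers stripped, and a plain file.
PACKED_SAMPLE = build_pe([(b"UPX0", 0x20000, b""), (b"UPX1", 0x8000, b"\x90" * 64),
                          (b".rsrc", 0x1000, b"\0" * 32)], upx_magic=True)
RENAMED_SAMPLE = build_pe([(b".text", 0x20000, b""), (b".data", 0x8000, b"\x90" * 64),
                           (b".rsrc", 0x1000, b"\0" * 32)])
CLEAN_SAMPLE = build_pe([(b".text", 0x1000, b"\xcc" * 16), (b".data", 0x1000, b"\0" * 16)])

if __name__ == "__main__":
    for label, blob in (("packed", PACKED_SAMPLE), ("renamed", RENAMED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, upx_indicators(blob))
```

Run it against the sample by replacing the constructed images with open(path, "rb").read(). A "suspected-modified-upx" verdict is the case where "upx -d" will fail; the usual next step is to let the file unpack itself in a sandbox or debugger and dump the process once the original entry point is reached.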

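Following up the "Adds Run key to start application" signature on a host means listing the Run values and deciding which ones deserve a hash or signature check. The following is an added example written for this page, not part of the report: it takes Run-key values exported as (name, command) pairs and flags the cheap tells (program launched from a user-writable directory, a script/LOLBin host with the payload in the arguments, a double extension). The environment map, the user "alice" and the four entries are constructed; the "H2WCheat" entry is hypothetical and only borrows the file name of the target above.

```python
import re
from typing import Dict, List, Tuple

# Constructed environment for a hypothetical user "alice"; on a live host use os.environ.
ENV = {
    "SYSTEMROOT": r"C:\Windows",
    "PROGRAMFILES": r"C:\Program Files",
    "USERPROFILE": r"C:\Users\alice",
    "APPDATA": r"C:\Users\alice\AppData\Roaming",
    "LOCALAPPDATA": r"C:\Users\alice\AppData\Local",
    "TEMP": r"C:\Users\alice\AppData\Local\Temp",
    "PUBLIC": r"C:\Users\Public",
}

# Directories an unprivileged user can write to: a loader dropped by a user-level
# process and persisted via HKCU\...\Run almost always lives in one of these.
USER_WRITABLE = tuple(p.lower() for p in (
    ENV["APPDATA"], ENV["LOCALAPPDATA"], ENV["TEMP"], ENV["PUBLIC"],
    ENV["USERPROFILE"] + r"\Downloads", r"C:\ProgramData", r"C:\Windows\Temp",
))

# Script/LOLBin hosts: the Run value names an interpreter and the real payload is in the arguments.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe",
                "regsvr32.exe", "powershell.exe", "cmd.exe"}


def expand(path: str) -> str:
    """Expand %VAR% references against the constructed ENV map."""
    return re.sub(r"%([^%]+)%", lambda m: ENV.get(m.group(1).upper(), m.group(0)), path)


def executable_of(command: str) -> str:
    """Return the program a Run value launches: a quoted path, else the first token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        token = command[1:end] if end > 0 else command[1:]
    else:
        parts = command.split()
        token = parts[0] if parts else ""
    return expand(token)


def triage_run_entry(value_name: str, command: str) -> Dict:
    """Flag the cheap tells; anything flagged still needs hash/signature review."""
    exe = executable_of(command)
    low = exe.lower()
    base = low.rsplit("\\", 1)[-1]
    reasons: List[str] = []
    if low.startswith(USER_WRITABLE):
        reasons.append("launches from a user-writable directory")
    if base in SCRIPT_HOSTS:
        reasons.append("script/LOLBin host; payload is in the arguments")
    if re.search(r"\.(txt|pdf|doc|docx|jpg|png)\.exe$", low):
        reasons.append("double extension")
    return {"value": value_name, "command": command, "exe": exe,
            "reasons": reasons, "suspicious": bool(reasons)}


def triage_run_entries(entries: List[Tuple[str, str]]) -> List[Dict]:
    """Return only the entries worth a second look, in original order."""
    return [r for r in (triage_run_entry(n, c) for n, c in entries) if r["suspicious"]]


# Constructed Run-key export (value name, command); the H2WCheat entry is hypothetical
# and only borrows the file name of the target on this page.
RUN_ENTRIES = [
    ("SecurityHealth", r"%SystemRoot%\system32\SecurityHealthSystray.exe"),
    ("OneDrive", r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("H2WCheat", r'"%APPDATA%\H2WCheat.exe"'),
    ("Updater", r'wscript.exe //B "%TEMP%\upd.vbs"'),
]

if __name__ == "__main__":
    for hit in triage_run_entries(RUN_ENTRIES):
        print(hit["value"], "->", hit["exe"], "|", "; ".join(hit["reasons"]))
```

On a live host the input comes from reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" (and the HKLM key, plus both RunOnce keys). The OneDrive entry is flagged deliberately: legitimate per-user installers also live under LOCALAPPDATA, so a hit from this directory test is a prompt to compare the file's SHA256 against the values in this report and check its Authenticode signature, not a verdict on its own.
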
MITRE ATT&CK Enterprise v15

Tasks