General

  • Target

    0c4587c3f4a05b5dcea637a7d84e6945_JaffaCakes118

  • Size

    459KB

  • Sample

    240501-tyvqnsbb4x

  • MD5

    0c4587c3f4a05b5dcea637a7d84e6945

  • SHA1

    032ec83b8255ab4b76b61e5a8f47796a8c0d3d76

  • SHA256

    01d0288ee6dfb976ca933010d3e64acea9b579f30dbb0804a40ffd7f33178591

  • SHA512

    6252285383bbafb18e235166fc270bcb0d1af0203b78cd36328c9a27932cc03dfe636b1c0925d06e5da657900e47621811fbdeb8105f706bd3974d796e83712b

  • SSDEEP

    12288:3riyWukBOyeebVQneAp2BTJNHa1LJXtXKYKb:3rrWukBLeehQneA4lHyXab

Malware Config

Targets

    • Target

      xpopup.exe

    • Size

      466KB

    • MD5

      021d6854d1fd38940d2c880ff96e5a68

    • SHA1

      5db01633c97558ed31d0a1e57cdb5d1c0f19fde6

    • SHA256

      c0543781cfcaeafda1ad2c2bafe7b1dbe742313c7d67382e3dabadaad669bcbf

    • SHA512

      0af7b7c249382b615a9e6d91a67842db2b1c19165be801e2171c920b11737c49a627ff6e916082d39fbecd0f3aed951b2339c84e7e40f5a74a398ebdaa8dfce6

    • SSDEEP

      12288:r5jceGOnUt8h5WVPrF/UqyWxSa/5NWgdFmAJF6jd:+ezU8ErlzWgdwAid

    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a Delphi-based loader that abuses legitimate public cloud file-hosting services to fetch and stage other malware families, so the download traffic blends in with ordinary cloud-storage usage.

    • ModiLoader First Stage

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer. Packing on its own is not malicious, but a modified UPX header is a common anti-analysis step: the stock upx -d tool refuses to unpack such a file, so the sample has to be dumped from memory or unpacked manually.

    • Adds Run key to start application

      Persistence through a Registry Run key (under HKCU or HKLM\Software\Microsoft\Windows\CurrentVersion\Run), which relaunches the application at user logon.
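The three checks below tie the report's findings back to something an analyst can run against a copy of the sample: verifying the downloaded file against the SHA-256 values listed above, walking the PE section table to reproduce the "UPX packed file" heuristic, and flagging Run-key writes in Sysmon-style registry events. This is an added example and not part of the sandbox report; the hashes are copied from the report, while the fake PE skeleton, the Registry value name "xpopup", the event paths and the "Field=value|Field=value" log format are constructed for the demonstration and are not observed artefacts of this sample.

```python
import hashlib
import re
import struct

# SHA-256 values copied from the report above, mapped to the file they identify.
REPORT_SHA256 = {
    "01d0288ee6dfb976ca933010d3e64acea9b579f30dbb0804a40ffd7f33178591":
        "0c4587c3f4a05b5dcea637a7d84e6945_JaffaCakes118",
    "c0543781cfcaeafda1ad2c2bafe7b1dbe742313c7d67382e3dabadaad669bcbf":
        "xpopup.exe",
}

# Section names stock UPX writes; a modified build may rename them, so the
# "UPX!" header magic near the start of the file is checked as a second signal.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX3"}

# Registry keys whose values are executed at logon (Run and RunOnce).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


def digests(data: bytes) -> dict:
    """Return the same four digests the report lists, keyed by algorithm name."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes):
    """Return the report's name for this file, or None if it is neither artefact."""
    return REPORT_SHA256.get(digests(data)["sha256"])


def pe_section_names(data: bytes) -> list:
    """Walk the PE section table by hand and return the section names (no pefile needed)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER follows the signature
    if len(data) < coff + 20:                 # truncated before the COFF header ends
        return []
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size              # section table follows the optional header
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]
        if len(raw) < 8:                      # truncated table: stop rather than guess
            break
        names.append(raw.rstrip(b"\0"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic behind a 'UPX packed file' signature: UPX section names or the UPX! magic."""
    if any(name in UPX_SECTION_NAMES for name in pe_section_names(data)):
        return True
    return b"UPX!" in data[:0x1000]


def build_fake_pe(section_names) -> bytes:
    """Constructed test input: a minimal PE skeleton (headers only) with the given section names."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=i386, NumberOfSections, three zeroed fields, SizeOfOptionalHeader=0, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    table = b"".join(name.ljust(8, b"\0") + b"\0" * 32 for name in section_names)
    return dos + b"PE\0\0" + coff + table


def run_key_writes(event_lines) -> list:
    """Return (value name, data) for Sysmon-style 'registry value set' (Event ID 13) lines
    that target a Run or RunOnce key. The 'Field=value|Field=value' layout is an assumption."""
    hits = []
    for line in event_lines:
        fields = dict(kv.split("=", 1) for kv in line.split("|") if "=" in kv)
        target = fields.get("TargetObject", "")
        if fields.get("EventID") == "13" and RUN_KEY_RE.search(target):
            hits.append((target.rsplit("\\", 1)[-1], fields.get("Details", "")))
    return hits


# Constructed events: value name and paths are illustrative, not taken from the report.
SAMPLE_EVENTS = [
    "EventID=13|Image=C:\\Users\\user\\xpopup.exe"
    "|TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\xpopup"
    "|Details=C:\\Users\\user\\xpopup.exe",
    "EventID=13|Image=C:\\Windows\\explorer.exe"
    "|TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden"
    "|Details=DWORD (0x00000001)",
    "EventID=1|Image=C:\\Users\\user\\xpopup.exe|CommandLine=xpopup.exe",
]

if __name__ == "__main__":
    packed = build_fake_pe([b"UPX0", b"UPX1", b".rsrc"])
    print("sections:", pe_section_names(packed), "upx:", looks_upx_packed(packed))
    print("run key writes:", run_key_writes(SAMPLE_EVENTS))
```

To use it on a real copy, read the file as bytes and pass it to matches_report and looks_upx_packed; a None from matches_report means the file is not the artefact the report describes and the rest of the findings should not be assumed to apply to it.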

MITRE ATT&CK Enterprise v15

Tasks