General

  • Target

    0dc2bd0568223a98ba681ccdcad7be8b_JaffaCakes118

  • Size

    270KB

  • Sample

    240502-haq7ssbd9s

  • MD5

    0dc2bd0568223a98ba681ccdcad7be8b

  • SHA1

    69a5befdaefca3ba4389334bd51a7709cc20b432

  • SHA256

    d33be5ce5ec7eccae71336901da3dc2a7ff49454806873a622c70116edfb6b66

  • SHA512

    8920d390e7b06942a67b3492ec79b0f15f0257dcfdbc442fc114a7047a882528e99188dd10240a1c27b348bda7e2930623db0346c0a5c2a7283b5440e737ffbc

  • SSDEEP

    6144:KG377xS2Vp2CeiorXhwTBOz532opcCJJvH:Zr7xS2Vp6FwTWbJJvH

Targets

    • Target

      0dc2bd0568223a98ba681ccdcad7be8b_JaffaCakes118

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled
