General

  • Target

    12d6a9c170aa19c05353134cdf4f40b7_JaffaCakes118

  • Size

    360KB

  • Sample

    240504-p7ptkahd76

  • MD5

    12d6a9c170aa19c05353134cdf4f40b7

  • SHA1

    f0cd3422b802960f44152da43d054c053efa7ce3

  • SHA256

    4aecb4cf0be3a31703f8ee9a3f0e74e706f65d2debff6d8a28eaf92b67ae2eaa

  • SHA512

    12e9bab3b04bac8b75f77b5d8a25548fb046202c9346916bec8f1ddc8c547e30ccca6af9790d94720fd13fdaa286e9b85065bb31a8d6842f55c13245fa121be3

  • SSDEEP

    6144:fI7kmNy3NyW7btm58icJp8DbxCuoAgUPL26GCFp:fI7kmNy3NyUmMJp8Db8jAVPL26GCH

Score
10/10

Malware Config

Targets

    • Target

      12d6a9c170aa19c05353134cdf4f40b7_JaffaCakes118

    Score
    10/10
    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks