General

  • Target

    1d12ce798497b2b6723c0a43ad436fd0_JaffaCakes118

  • Size

    270KB

  • Sample

    240506-shda1sba25

  • MD5

    1d12ce798497b2b6723c0a43ad436fd0

  • SHA1

    0f0a2d6228ed65d9a8bab2565c2436278096a807

  • SHA256

    76b93654dacd75b108276b40dedc7caf796ecfebb4aac0190937e4fafdb4ffdd

  • SHA512

    b1783e609cc3a13b984ef05f4dde147863697f2221f9c9daf1c2d1b1210a9f163029de4da84108220a1ed2c6725a13ca97bd56bf436a5acf92e21182d803c5f2

  • SSDEEP

    6144:KG377xS2Vp2CeiorXhwTBOz53ppcCJJvH:Zr7xS2Vp6FwTGbJJvH

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled
