General

  • Target

    2629102aaab6078a598437b0bfde20f6_JaffaCakes118

  • Size

    270KB

  • Sample

    240508-w6zeyabg39

  • MD5

    2629102aaab6078a598437b0bfde20f6

  • SHA1

    7f02c1be915d19184f1f68ec89078ee55a9f974e

  • SHA256

    8aa5a9c79c871690a1fad384608ba8abcb7e18a09968ed177a3830f9363a716f

  • SHA512

    d70f52ea07b78af4dc1ebb6c89afb4e874b1436233ed2d24215cd3795ac8bf74d5ee3538fc27092f713a9ab14524bf7f79eca1a20b30adff0354ac22e2004847

  • SSDEEP

    6144:KG377xS2Vp2CeiorXhwTBOz53RHopcCJJvH:Zr7xS2Vp6FwTcHobJJvH

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks