General

  • Target

    09a32979c530c80cb87f56d7eeda2c0b_JaffaCakes118

  • Size

    1.7MB

  • Sample

    240620-1w4n5atanj

  • MD5

    09a32979c530c80cb87f56d7eeda2c0b

  • SHA1

    4b7b0320dd74ad2fe9fc5e2d91e476d6dca411bf

  • SHA256

    a2c87d019943bf7d1d05f87749c574d10e41e5147f174ee6de6605db8728b8ca

  • SHA512

    3e0716ecbc6b72ce270e5d63864a1c439f39c40b91a6db57d9bfbb05b9e365ada86313bd8095d79b23a2cefa2765b17fa765a28c7b41d02a9d0543682cafb539

  • SSDEEP

    49152:DDZHyO9BQ2ZpZ4QKtojLzsPi8/4tLE5Fj:DDTBQ2F4QKOPIPi8f

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a Delphi-written loader that abuses legitimate cloud file-hosting services to download and stage the malware families it delivers.

    • UAC bypass

    • ModiLoader Second Stage

    • Deletes itself

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext
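
The behaviour signatures above (UAC check, Run-key persistence, executing a dropped EXE, self-deletion, SetThreadContext on another process) are the kind of thing a sandbox derives from an API-call trace. The script below is an added example of that mapping, not the sandbox's own rule set: the `ApiCall` record format, the paths and the every event in `TRACE` are constructed for illustration and are not taken from the run that produced this report.

```python
"""Map a sandbox API-call trace onto the behaviour signatures listed above
(UAC check, Run-key persistence, dropped-EXE execution, self-deletion,
SetThreadContext on another process). Added example: the trace format and
every event below are constructed, not taken from the sandbox run."""
from dataclasses import dataclass, field

RUN_KEY = r"\software\microsoft\windows\currentversion\run"
UAC_POLICY_KEY = r"\currentversion\policies\system"


@dataclass(frozen=True)
class ApiCall:
    pid: int
    image: str      # image path of the calling process
    api: str        # hooked API name (constructed naming, not a real hook log)
    args: dict = field(default_factory=dict)


def classify(trace: list[ApiCall]) -> dict[str, list[ApiCall]]:
    """Return {signature name: [matching calls]} for the behaviours seen."""
    hits: dict[str, list[ApiCall]] = {}
    dropped: set[str] = set()   # executables written by a traced process

    def hit(name: str, call: ApiCall) -> None:
        hits.setdefault(name, []).append(call)

    for call in trace:
        a = {k: str(v).lower() for k, v in call.args.items()}
        key, path, cmd = a.get("key", ""), a.get("path", ""), a.get("cmdline", "")
        me = call.image.lower()
        if call.api == "RegQueryValue" and key.endswith(UAC_POLICY_KEY) \
                and a.get("value") == "enablelua":
            hit("Checks whether UAC is enabled", call)
        elif call.api == "RegSetValue" and key.endswith(RUN_KEY):
            hit("Adds Run key to start application", call)
        elif call.api == "WriteFile" and path.endswith(".exe"):
            dropped.add(path)            # remember what the sample wrote to disk
        elif call.api == "CreateProcess":
            if path in dropped:
                hit("Executes dropped EXE", call)
            # "cmd /c ... del <own path>" is the usual self-delete pattern
            if "del " in cmd and me in cmd:
                hit("Deletes itself", call)
        elif call.api == "DeleteFile" and path == me:
            hit("Deletes itself", call)
        elif call.api == "SetThreadContext" \
                and int(a.get("target_pid", call.pid)) != call.pid:
            # rewriting a thread's context in another process is the hollowing step
            hit("Suspicious use of SetThreadContext", call)
    return hits


SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"    # constructed path
DROPPED = r"C:\Users\Public\Libraries\stage2.exe"          # constructed path
HOST = r"C:\Users\Public\Libraries\host.exe"               # constructed path

TRACE = [  # constructed events, in the order a loader run would produce them
    ApiCall(1204, SAMPLE, "RegQueryValue",
            {"key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System",
             "value": "EnableLUA"}),
    ApiCall(1204, SAMPLE, "WriteFile", {"path": DROPPED}),
    ApiCall(1204, SAMPLE, "RegSetValue",
            {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
             "value": "stage2", "data": DROPPED}),
    ApiCall(1204, SAMPLE, "CreateProcess", {"path": DROPPED}),
    ApiCall(2316, DROPPED, "CreateProcess", {"path": HOST, "flags": "CREATE_SUSPENDED"}),
    ApiCall(2316, DROPPED, "SetThreadContext", {"target_pid": 2840}),
    ApiCall(1204, SAMPLE, "CreateProcess",
            {"path": r"C:\Windows\System32\cmd.exe",
             "cmdline": f'cmd.exe /c ping 127.0.0.1 -n 3 & del "{SAMPLE}"'}),
    ApiCall(2840, HOST, "ReadFile", {"path": r"C:\Windows\System32\kernel32.dll"}),
]
BENIGN_TRACE = [ApiCall(900, r"C:\Windows\System32\notepad.exe", "ReadFile",
                        {"path": r"C:\Users\Admin\notes.txt"})]

if __name__ == "__main__":
    for name, calls in classify(TRACE).items():
        print(f"{name}: {len(calls)} call(s), first from pid {calls[0].pid}")
```

The dropped-EXE rule is stateful on purpose: a CreateProcess only counts if an earlier WriteFile in the same trace created that path, which is what separates "executes dropped EXE" from ordinary child-process creation.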

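A static check for the "UPX packed file" signature above, as an added example rather than the sandbox's detection logic: it parses the PE section table, looks for the UPX0/UPX1 section names stock UPX leaves behind, and falls back to per-section entropy for builds that rename them. The PE images it scans are built by the `build_pe()` helper here and are constructed stand-ins, not the sample on this page.

```python
"""Static check for the "UPX packed file" signature: parse the PE section
table, look for UPX0/UPX1 names and measure per-section entropy. Added
example, not the sandbox's logic; the images scanned are constructed."""
import math
import struct

E_LFANEW_OFFSET = 0x3C       # DOS header field holding the PE header offset
COFF_HEADER_SIZE = 20
SECTION_HEADER_SIZE = 40
ENTROPY_THRESHOLD = 7.0      # bits per byte; compressed data sits close to 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list[dict]:
    """Return name, raw bytes and characteristics of every COFF section."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, E_LFANEW_OFFSET)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    n_sections = struct.unpack_from("<H", pe, coff + 2)[0]      # NumberOfSections
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]       # SizeOfOptionalHeader
    table = coff + COFF_HEADER_SIZE + opt_size
    sections = []
    for i in range(n_sections):
        off = table + i * SECTION_HEADER_SIZE
        name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, off)
        flags = struct.unpack_from("<I", pe, off + 36)[0]        # Characteristics
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "raw": pe[raw_ptr:raw_ptr + raw_size], "flags": flags})
    return sections


def scan_upx(pe: bytes) -> dict:
    """Verdict 'upx' (section names), 'high-entropy' (data only) or 'clean'."""
    sections = parse_sections(pe)
    entropy = {s["name"]: round(shannon_entropy(s["raw"]), 2) for s in sections}
    upx_sections = [s["name"] for s in sections if s["name"].upper().startswith("UPX")]
    high = [n for n, e in entropy.items() if e >= ENTROPY_THRESHOLD]
    if upx_sections:
        verdict = "upx"            # stock UPX keeps its UPX0/UPX1 names
    elif high:
        verdict = "high-entropy"   # renamed sections still carry packed data
    else:
        verdict = "clean"
    return {"verdict": verdict, "upx_sections": upx_sections,
            "high_entropy": high, "entropy": entropy}


def build_pe(sections: list[tuple[bytes, bytes]]) -> bytes:
    """Constructed, non-loadable PE container used only as scanner input."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, E_LFANEW_OFFSET, len(dos))
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x0102)
    raw_ptr = len(dos) + 4 + len(coff) + len(sections) * SECTION_HEADER_SIZE
    table, body = b"", b""
    for name, data in sections:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data), 0x1000,
                             len(data), raw_ptr, 0, 0, 0, 0, 0xE0000020)
        body += data
        raw_ptr += len(data)
    return bytes(dos) + b"PE\0\0" + coff + table + body


# Constructed inputs: a uniform byte distribution stands in for compressed data.
PACKED_DATA = bytes(range(256)) * 16
PLAIN_DATA = b"\x55\x8b\xec\x83\xec\x10" * 200 + b"\0" * 1024
UPX_SAMPLE = build_pe([(b"UPX0", b""), (b"UPX1", PACKED_DATA), (b".rsrc", b"\0" * 64)])
RENAMED_SAMPLE = build_pe([(b".text", PLAIN_DATA), (b".data", PACKED_DATA)])
PLAIN_SAMPLE = build_pe([(b".text", PLAIN_DATA), (b".data", b"\0" * 256)])

if __name__ == "__main__":
    for label, image in (("upx", UPX_SAMPLE), ("renamed", RENAMED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, scan_upx(image))
```

Treat the "high-entropy" verdict as a lead, not a conviction: resource sections holding compressed images or embedded certificates also score close to 8 bits per byte, so it needs the unpacking attempt or a dynamic run (as in this report) to confirm.
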
MITRE ATT&CK Enterprise v15

Tasks