General

  • Target

    09f9e19317c180f9ca5234665494d27e_JaffaCakes118

  • Size

    935KB

  • Sample

    240620-21efgawbpj

  • MD5

    09f9e19317c180f9ca5234665494d27e

  • SHA1

    00228583d1f1cf87b44ab2b4ce224b6eeafd4e26

  • SHA256

    4083cfd7c4e71a102705336eff734b1caff36ffebc0e8121d22e6f58707d1fa7

  • SHA512

    4f4e0ee6761383922bbc94de433ff7e6103d9f480b51fa19cb9781fc21f6208977d821292b9e6d6a2d9ddae20491604a30a1ab75951eaa5ce7437b6c0d764a03

  • SSDEEP

    24576:mLsFEtvC1GNsG17Oq1vW768k06paN8c42Wlyf4A6:XcvkGNx17Oqw/n6EN8c4/lyf

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks