General

  • Target

    0a01bc26ac7b9017961ec40d2c832edd_JaffaCakes118

  • Size

    556KB

  • Sample

    240620-266rxawdrr

  • MD5

    0a01bc26ac7b9017961ec40d2c832edd

  • SHA1

    e780f037d52902eecd20e3476801e7a19005fd90

  • SHA256

    a20c6bcdf6fd33c66ce73e27d1e036f5002f2e22254a0f05dbec13860ab9b189

  • SHA512

    479d9403558765de34f799470970089439aeec45355dabff2b104b81a4045f5fac7deb95518ad8952e911794d89764a6a98f1b1b5633b57c52131533b8484a37

  • SSDEEP

    12288:R57FAgcKCEtlfJF3Z4mxx/v1xIAMCS+0667K:R575CCJQmXX1xIAtS+r+K

Targets

    • Target

      0a01bc26ac7b9017961ec40d2c832edd_JaffaCakes118

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies WinLogon for persistence

    • ModiLoader Second Stage

    • Server Software Component: Terminal Services DLL

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Deletes itself

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory
