General

  • Target

    09c85491ac1f04ddd9af3153b1b0c176_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240620-2a3elszena

  • MD5

    09c85491ac1f04ddd9af3153b1b0c176

  • SHA1

    810d7c8d3d50fa00b48a40b7583bc343075fb1b4

  • SHA256

    e7a90472880c7dc6596332555888e72ebc7cf41e21917a47d20c4bec398e7b84

  • SHA512

    117bc618e885aa10c414ba4dd74d73c3c39f72957dc8a82e785156b1055ccae09e88d03fbc524d00dae499c4ed489071ae190812d7efef5bcf74def551ad2d99

  • SSDEEP

    24576:NaHMv6Corjqny/Qj5lZz5yEeY597/Fv3JbxEiv4A7WJ0:N1vqjd/QNzEEeG97/Fv3fEEMJ0

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks