General

  • Target

    0612926f77935a0a2f782397c066af2b_JaffaCakes118

  • Size

    125KB

  • Sample

    240620-pxgefasbpn

  • MD5

    0612926f77935a0a2f782397c066af2b

  • SHA1

    442775d8475a87bc59f8668a603b23e8dfa8d6a8

  • SHA256

    4ab3565dfb1a72efb4c16d8d2088a50f817864e818de5c57a01e4c33a1d82591

  • SHA512

    dd0a49cf11ac0816b4ab1f5e202fdc0b78dc19f2e98b2a4302ad19823ae144fd7f34fc670471c642ef2e858c25e210e47ff25f166b50458d5ee7a3661bb06060

  • SSDEEP

    3072:SOsoy8j7VnNdrPHaSekwi+mW95jLFl51WoutiNtV:Nc8jZ7rvaU3+mW9ZH51WoSc

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15