General

  • Target

    061982910fdbfed638517be65be29d31_JaffaCakes118

  • Size

    529KB

  • Sample

    240620-pznxasscqm

  • MD5

    061982910fdbfed638517be65be29d31

  • SHA1

    54c40ac00ed6785fbf8895cf92bd646d3a5f37c2

  • SHA256

    0e04df212a08beba491e55a5f0375ede9996e987c48a2bb27c2c0e941f8f6a82

  • SHA512

    e0abe3781b23b6704a0af0a6813063d8d1effb17411db4ed251fa8dc371fd15fe23ef94a86936e4db6d66165d2a8a9cad3a38ef46412ac7c09bcce750a888dc5

  • SSDEEP

    12288:dw2YLkMwYH+qknF84ZpuXaYdLWhs1KC9UityJ:mhLjH+DF7pwnWCcYpAJ

Malware Config

Targets

    • Target

      061982910fdbfed638517be65be29d31_JaffaCakes118

    • Size

      529KB

    • MD5

      061982910fdbfed638517be65be29d31

    • SHA1

      54c40ac00ed6785fbf8895cf92bd646d3a5f37c2

    • SHA256

      0e04df212a08beba491e55a5f0375ede9996e987c48a2bb27c2c0e941f8f6a82

    • SHA512

      e0abe3781b23b6704a0af0a6813063d8d1effb17411db4ed251fa8dc371fd15fe23ef94a86936e4db6d66165d2a8a9cad3a38ef46412ac7c09bcce750a888dc5

    • SSDEEP

      12288:dw2YLkMwYH+qknF84ZpuXaYdLWhs1KC9UityJ:mhLjH+DF7pwnWCcYpAJ

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks