General

  • Target

    06865e0c016fc717a100470c9dc8d823_JaffaCakes118

  • Size

    132KB

  • Sample

    240620-q1ln1azhqf

  • MD5

    06865e0c016fc717a100470c9dc8d823

  • SHA1

    04c8064bc5d572d220fbf3c28ba2aa4667ccc0f1

  • SHA256

    c832b2e49834b9ae6dd46c5400156f307dc46d89ef98d2ca09df5c1900b9fdd0

  • SHA512

    16de124b5e987f8f8bf3815a533387385954c3e78cd86b22d0e93f21944acacc4da24a65fcbd5ad8bcb302905d6c6361cfed83e9fab63994fe81242fc5ec354b

  • SSDEEP

    3072:8KzGCRpjl3V2TvJk4ZqgZc4j04lqFdRU8:3p2FqgS0qnRP

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks