General

  • Target

    069131573dd0cbea23633b6461934395_JaffaCakes118

  • Size

    224KB

  • Sample

    240620-q4s79a1blh

  • MD5

    069131573dd0cbea23633b6461934395

  • SHA1

    a091ef047e4e22fa2e4f046ca4ada05e52b7051e

  • SHA256

    abac34b94e17c610dd1a87ef716e83477af88ce3f4b58ad757a76fe0c2958b6c

  • SHA512

    0b3235293b33ceb0e0e675cdb6da85efbb8163cbef75831fb2efd175c9a1cc270691ee0c289779cdbedac6336b2c2773c06027ae3c18681c0e0bef3c2c8a5bea

  • SSDEEP

    1536:v7XLdievgiQpdAUDf+qhczlszloNIsIF7bzMeOQCxV1TTfR2E+gioWNxklX+68su:zLgTAa+jwT2NCsFXf+j

Malware Config

Targets

    • Target

      069131573dd0cbea23633b6461934395_JaffaCakes118

    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a Delphi-compiled loader that abuses legitimate cloud file-hosting services to fetch and run second-stage payloads belonging to other malware families.

    • ModiLoader Second Stage

    • Checks computer location settings

      Reads the country or region code configured in the registry (the system's location setting); in a loader this is most often a geofence, used to avoid executing on machines in certain countries.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
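The behaviours listed above are the kind of thing a sandbox signature engine derives from a process trace. The following is an added example, not the report's own signature logic and not the sandbox's code: a small matcher that walks a constructed event trace (the line format, the `dropped.exe`/`dropped.dll` names and the PIDs are all assumptions for this example) and emits the signature names shown in this report. The registry locations it keys on (the `Control Panel\International\Geo` key for the location check and the `CurrentVersion\Run`/`RunOnce` keys for persistence) are the standard Windows locations; how the real engine correlates them is not stated on the page.

```python
"""Mini sandbox-signature matcher over a constructed process trace.

Added example for this report; the event format and the matching rules are
this example's own approximation of the behaviours named above, not the
sandbox's implementation.
"""
import re
from typing import Iterable, List, NamedTuple, Set


class Event(NamedTuple):
    pid: int
    op: str
    target: str


# Constructed sample trace (format assumed): "<pid> <operation> <target>".
# File names, paths and PIDs are invented for the example.
SAMPLE_TRACE = r"""
4120 file_write C:\Users\Admin\AppData\Roaming\dropped.exe
4120 file_write C:\Users\Admin\AppData\Roaming\dropped.dll
4120 reg_query HKEY_CURRENT_USER\Control Panel\International\Geo\Nation
4120 process_create C:\Users\Admin\AppData\Roaming\dropped.exe
5008 image_load C:\Users\Admin\AppData\Roaming\dropped.dll
5008 image_load C:\Windows\System32\kernel32.dll
5008 reg_set HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\dropped
"""

# Windows stores the configured location under Control Panel\International\Geo
# (Nation = GeoID, Name = ISO code on newer builds).
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\(Nation|Name)$", re.I)
# Per-user (HKCU) or machine-wide (HKLM) autostart keys.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.I)


def parse_trace(text: str) -> List[Event]:
    """Parse the assumed "<pid> <op> <target>" line format into Events."""
    events: List[Event] = []
    for line in text.strip().splitlines():
        pid, op, target = line.split(" ", 2)  # target may contain spaces
        events.append(Event(int(pid), op, target))
    return events


def match_signatures(events: Iterable[Event]) -> List[str]:
    """Return the triggered signature names in first-hit order.

    'Dropped' means a path that some process in the trace wrote to disk
    before it was executed or loaded; reads and writes of the registry are
    matched against the key patterns above.
    """
    dropped: Set[str] = set()
    hits: List[str] = []

    def hit(name: str) -> None:
        if name not in hits:
            hits.append(name)

    for ev in events:
        path = ev.target.lower()
        if ev.op == "file_write":
            dropped.add(path)
        elif ev.op == "reg_query" and GEO_KEY_RE.search(ev.target):
            hit("Checks computer location settings")
        elif ev.op == "process_create" and path in dropped:
            hit("Executes dropped EXE")
        elif ev.op == "image_load" and path in dropped:
            hit("Loads dropped DLL")
        elif ev.op == "reg_set" and RUN_KEY_RE.search(ev.target):
            hit("Adds Run key to start application")
    return hits


if __name__ == "__main__":
    for name in match_signatures(parse_trace(SAMPLE_TRACE)):
        print(name)
```

Order matters for two of the rules: a process launch or DLL load only counts as "dropped" if an earlier event in the same trace wrote that path, which is what keeps a load of `kernel32.dll` from triggering the DLL signature.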

MITRE ATT&CK Enterprise v15

Tasks