General

  • Target

    06f392a156d51307a93d49ba7e19e8ff_JaffaCakes118

  • Size

    239KB

  • Sample

    240620-r4mwxasgmf

  • MD5

    06f392a156d51307a93d49ba7e19e8ff

  • SHA1

    dbc21eea0efee2c9512008240dc810f23cde1291

  • SHA256

    ab3dc8eb41a5d995e77d34b54896e1c02781f37ba133c8a7bc861179d65c19c0

  • SHA512

    9cb95ed46834068ae93ce5e50737f12d972fed32384b506efa10ff700bfba901379ddf36849687f900691b0cb704577fa6f7f7865796fea71d6df361da2b2c8b

  • SSDEEP

    6144:5pV2WLSRYbI0eiOeSs1kV2WLSRYbI0eiOeSs1x:F3LR3Vj1143LR3Vj11x

Malware Config

Targets

    • Target

      06f392a156d51307a93d49ba7e19e8ff_JaffaCakes118

    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a loader written in Delphi that abuses public cloud storage services to host and fetch its next stage, which is then used to deliver other malware families.

    • UAC bypass

    • ModiLoader Second Stage

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

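The "UPX packed file" signature above is a static check on the PE section table. The script below is an added example of how such a check can be implemented by hand; it is not the sandbox's own detection logic and it does not use the real sample. It parses the COFF and section headers of a PE image, flags the UPX0/UPX1/UPX2 section names, and adds two heuristics that survive section renaming: an empty first section (UPX0 is where the unpacked image is written at runtime, so it has no raw data) and a high-entropy data section holding the compressed payload. The two PE images it runs on are constructed in the script itself with a minimal builder, so it works offline; the 1024-byte "compressed" blob is a stand-in, not real UPX output.

```python
import math
import struct
from collections import Counter

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
ENTROPY_THRESHOLD = 7.0  # bits per byte; compressed/encrypted data sits near 8.0


def _entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + size_of_optional  # COFF header is 20 bytes
    sections = []
    for i in range(num_sections):
        name, vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", pe, table + i * 40)
        raw = pe[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({"name": name.rstrip(b"\0"), "virtual_size": vsize,
                         "raw_size": raw_size, "entropy": _entropy(raw)})
    return sections


def upx_indicators(pe: bytes) -> dict:
    """Return the individual UPX heuristics plus an overall verdict."""
    sections = parse_sections(pe)
    upx_names = sorted(s["name"].decode() for s in sections
                       if s["name"] in UPX_SECTION_NAMES)
    # UPX0: no raw data on disk, large virtual size reserved for the unpacked image.
    empty_first = bool(sections) and sections[0]["raw_size"] == 0 \
        and sections[0]["virtual_size"] > 0
    high_entropy = any(s["entropy"] > ENTROPY_THRESHOLD
                       for s in sections if s["raw_size"])
    return {"upx_sections": upx_names, "empty_first_section": empty_first,
            "high_entropy_section": high_entropy,
            "verdict": bool(upx_names) or (empty_first and high_entropy)}


def _build_pe(sections) -> bytes:
    """Constructed minimal PE32 image for testing only: (name, virtual_size, raw_bytes)."""
    num, size_opt, file_align = len(sections), 0xE0, 0x200
    headers_len = 0x40 + 4 + 20 + size_opt + 40 * num
    headers_aligned = -(-headers_len // file_align) * file_align
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, num, 0, 0, 0, size_opt, 0x102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    table, body, vaddr = b"", b"", 0x1000
    for name, vsize, raw in sections:
        padded = raw + b"\0" * (-len(raw) % file_align)
        raw_ptr = headers_aligned + len(body) if raw else 0
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, vaddr,
                             len(padded) if raw else 0, raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += padded
        vaddr += -(-max(vsize, 1) // 0x1000) * 0x1000
    img = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    return img + b"\0" * (headers_aligned - len(img)) + body


# Constructed inputs: a UPX-style layout and an ordinary two-section binary.
SAMPLE_UPX = _build_pe([
    (b"UPX0", 0x20000, b""),                      # empty on disk, filled at runtime
    (b"UPX1", 0x8000, bytes(range(256)) * 4),     # stand-in for compressed payload
    (b".rsrc", 0x1000, b"\0" * 16),
])
SAMPLE_PLAIN = _build_pe([
    (b".text", 0x1000, b"\x55\x8b\xec\x5d\xc3" * 20),
    (b".data", 0x1000, b"A" * 64),
])

if __name__ == "__main__":
    for label, image in (("upx-like", SAMPLE_UPX), ("plain", SAMPLE_PLAIN)):
        print(label, upx_indicators(image))
```

The section-name check alone is what most packer signatures key on, and it is trivially defeated by renaming sections in the UPX header; the empty-first-section and entropy heuristics are the fallback, and they also fire on other packers, so treat the verdict as a triage hint rather than a family attribution. A real build of UPX can be detected more reliably by its decompression stub, which this example does not model.
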
MITRE ATT&CK Enterprise v15

Tasks