General

  • Target

    080e6056bb634db0ca0281f0a2e1f40c_JaffaCakes118

  • Size

    103KB

  • Sample

    240620-vm8zlasfml

  • MD5

    080e6056bb634db0ca0281f0a2e1f40c

  • SHA1

    fbe3b9e8b738ea92eba1752a707fc312aae500b8

  • SHA256

    78074191806c5291da8620b5a2d1f2b5a1f1ae030800f2f0aafc8245454cd1f0

  • SHA512

    af0b02bc6e0cd2455b59b357cdb123985323c91285f9b0d1e3c278b67f1168b2e0a86104d40f07ef47be6cd3104d635e5269f62d625b2166c71af6b5bd8ffdf4

  • SSDEEP

    3072:yNbtz8WfJOiAfm5o280PjiEOpMyGwP+Lf7+s+QwREyKFh/4:yNxz8WJAfm5380biEYK+2w6yKFd4

Targets

    • Target

      080e6056bb634db0ca0281f0a2e1f40c_JaffaCakes118

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies firewall policy service

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer and are loaded into the browser process.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15