General

  • Target

    0894f2a4cdc43a1f63b8d8d7875eb2e4_JaffaCakes118

  • Size

    864KB

  • Sample

    240620-wx71qavfnj

  • MD5

    0894f2a4cdc43a1f63b8d8d7875eb2e4

  • SHA1

    ef0752d9350ebc63a1fb80c47fd8db85b9d8c60c

  • SHA256

    85c454ef35e75d13650772989fa3dd20a2279edcc482b9be4956b5ee8f7cc5e5

  • SHA512

    61ef757980a331ee512206bf82c9e2fdaef20afb39a9f7b3cb2b0399e8b9ef4a348fa3c73ba91d6bae1b5d736b941b084f3bf19ab8b376c8317d9c5322dceb68

  • SSDEEP

    24576:szaKTpqvNJAp7ElVVwoRPyBlAG0WYlPoJvHI:LKTMNHhwoRPQADFodo

Targets

    • Target

      0894f2a4cdc43a1f63b8d8d7875eb2e4_JaffaCakes118

    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a Delphi-written loader that abuses legitimate cloud storage services to host and retrieve the next-stage payloads it delivers.

    • UAC bypass

    • ModiLoader Second Stage

    • Checks BIOS information in registry

      Malware reads the BIOS vendor, version and date strings the kernel publishes under HKLM\HARDWARE\DESCRIPTION\System to recognise virtual machines and sandboxes by the hypervisor names they expose.

    • Loads dropped DLL

    • Checks whether UAC is enabled

      Typically done by reading EnableLUA and ConsentPromptBehaviorAdmin under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, to decide whether the UAC bypass stage is needed at all.
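The two registry checks flagged above (BIOS fingerprinting and UAC status) can be reproduced from a regedit export of the relevant keys, which is a convenient way to see which strings in a given analysis VM would trip them. The following is an added example and not code from the sample, the sandbox or the ModiLoader project: it parses a hand-constructed .reg export resembling a VirtualBox guest with default UAC settings, decodes the REG_MULTI_SZ BIOS values and applies the checks. The key paths are the standard Windows locations for these values; the list of VM marker strings is an assumption drawn from common hypervisor identifiers.

```python
"""Parse a regedit (.reg) export and evaluate the BIOS-fingerprinting and
UAC-status checks. Added example; the .reg text is constructed, not captured."""
import re

BIOS_KEY = r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System"
UAC_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

# Substrings commonly matched against BIOS values to spot a VM (assumed list).
VM_MARKERS = ("vbox", "virtualbox", "vmware", "qemu", "bochs", "xen", "parallels", "innotek")

# Constructed export: a VirtualBox guest, UAC on with the default admin prompt.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System]
"Identifier"="AT/AT COMPATIBLE"
"SystemBiosDate"="12/01/06"
"SystemBiosVersion"=hex(7):56,00,42,00,4f,00,58,00,20,00,2d,00,20,00,31,00,\
  00,00,00,00
"VideoBiosVersion"=hex(7):4f,00,52,00,41,00,43,00,4c,00,45,00,20,00,56,00,\
  4d,00,20,00,56,00,69,00,72,00,74,00,75,00,61,00,6c,00,42,00,6f,00,78,00,\
  00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000001
"ConsentPromptBehaviorAdmin"=dword:00000005
"PromptOnSecureDesktop"=dword:00000001
"""


def parse_reg(text):
    """Return {key_path: {value_name: value}} from a .reg export.
    Supports REG_SZ ("..."), REG_DWORD (dword:) and REG_MULTI_SZ (hex(7):);
    regedit wraps long hex values with a trailing backslash, so join those first."""
    joined = re.sub(r",\\\r?\n\s*", ",", text)
    result, current = {}, None
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            result[current] = {}
            continue
        m = re.match(r'"([^"]+)"=(.*)', line)
        if not m or current is None:
            continue
        name, raw = m.group(1), m.group(2)
        if raw.startswith('"') and raw.endswith('"'):
            value = raw[1:-1]
        elif raw.startswith("dword:"):
            value = int(raw[6:], 16)
        elif raw.startswith("hex(7):"):
            # REG_MULTI_SZ: UTF-16LE strings, NUL-separated, double-NUL terminated.
            data = bytes(int(b, 16) for b in raw[7:].split(",") if b)
            value = [s for s in data.decode("utf-16-le").split("\x00") if s]
        else:
            value = raw
        result[current][name] = value
    return result


def bios_indicators(values):
    """Return (value name, string) pairs whose text contains a VM marker.
    An empty list means the sandbox check would not fire on this host."""
    hits = []
    for name in ("SystemBiosVersion", "VideoBiosVersion", "SystemBiosDate", "Identifier"):
        v = values.get(name, [])
        for s in (v if isinstance(v, list) else [v]):
            if any(marker in s.lower() for marker in VM_MARKERS):
                hits.append((name, s))
    return hits


def uac_status(values):
    """Interpret the UAC policy values: EnableLUA=0 means UAC is off entirely,
    ConsentPromptBehaviorAdmin=0 means administrators elevate without a prompt."""
    if values.get("EnableLUA", 1) == 0:
        return "disabled"
    if values.get("ConsentPromptBehaviorAdmin", 5) == 0:
        return "enabled-silent-elevation"
    return "enabled-prompting"


def evaluate(reg_text):
    """Run both checks over one export and return their verdicts."""
    reg = parse_reg(reg_text)
    return {
        "vm_indicators": bios_indicators(reg.get(BIOS_KEY, {})),
        "uac": uac_status(reg.get(UAC_KEY, {})),
    }


if __name__ == "__main__":
    print(evaluate(SAMPLE_REG))
```

To run it against a real analysis VM, export the two keys with `reg export "HKLM\HARDWARE\DESCRIPTION\System" bios.reg` and `reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" uac.reg`, open the files with `encoding="utf-16"` (regedit writes UTF-16LE with a BOM) and pass the text to `evaluate`. Any string returned in `vm_indicators` is one the sample could use to bail out, so it is a candidate for patching in the guest's DMI data rather than just in the registry, since the registry values are populated from SMBIOS at boot.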
