General

  • Target

    0a1de2fcccd56a2b18f62015b75f7a68_JaffaCakes118

  • Size

    111KB

  • Sample

    240621-h2nkzszhqc

  • MD5

    0a1de2fcccd56a2b18f62015b75f7a68

  • SHA1

    9da34d14c8218088422a59559efd32391d8af11e

  • SHA256

    8601b9e49934f3148681fbbce45a76af75a19d73520c57218e141ed9e09794ab

  • SHA512

    29215380c88b3ac5b1b57ee6bb6e1f49b568eeafc4f8214d517d2aab2253e7b392b7cc298bb9382b2980722cb44b2d2c2b171397d44f9d950281cf7ea831ddb1

  • SSDEEP

    3072:B1+MJKrUnFYY5z1i0Nmbi5fJBNoQZFPfWXHout:3IrPj0NmWtNFYoS

Targets

    • Target

      0a1de2fcccd56a2b18f62015b75f7a68_JaffaCakes118

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence so the loader only proceeds in targeted regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Adds Run key to start application

    • Checks whether UAC is enabled
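The "UPX packed file" signature above fires on packer traces in the file itself. As an added example (not the sandbox's own signature code), the following Python checks a PE image for the three observable traces a static triage script would use: the stock UPX0/UPX1 section names, the "UPX!" l_info magic that modified UPX builds frequently leave in place after renaming sections, and per-section Shannon entropy as a fallback for any packer. `build_pe` and `pseudo_random` are constructed test fixtures and are not the sample on this page.

```python
"""Static triage of a PE image for UPX / modified-UPX packing (added example)."""
import hashlib
import math
import struct
from collections import Counter

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
UPX_MAGIC = b"UPX!"     # l_info signature stock UPX writes right after the section table
HIGH_ENTROPY = 7.0      # bits per byte; compressed/encrypted data sits close to 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(data: bytes):
    """Return [(name, raw_offset, raw_size)] from the PE section table, [] if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4
    try:
        (num_sections,) = struct.unpack_from("<H", data, coff + 2)
        (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    except struct.error:
        return []
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        off = table + i * 40
        if off + 40 > len(data):
            break
        name = data[off:off + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        sections.append((name, raw_ptr, raw_size))
    return sections


def upx_verdict(data: bytes) -> dict:
    """Combine section names, the UPX! magic and per-section entropy into one verdict."""
    sections = parse_sections(data)
    names = [n.decode("ascii", "replace") for n, _, _ in sections]
    by_name = any(n in UPX_SECTION_NAMES for n, _, _ in sections)
    # Modified UPX builds usually rename the sections; the l_info magic often survives.
    by_magic = UPX_MAGIC in data
    # Fallback for any packer: a high-entropy section holding the compressed payload.
    entropy = {n.decode("ascii", "replace"): round(shannon_entropy(data[p:p + s]), 2)
               for n, p, s in sections}
    high_entropy = any(e >= HIGH_ENTROPY for e in entropy.values())
    if not sections:
        verdict = "not_pe"
    elif by_name or by_magic:
        verdict = "upx"
    elif high_entropy:
        verdict = "packed_unknown"
    else:
        verdict = "clean"
    return {"sections": names, "upx_section_names": by_name, "upx_magic": by_magic,
            "entropy": entropy, "verdict": verdict}


# ---- constructed test fixtures (not the sample on this page) ----------------------

def build_pe(section_payloads, trailer: bytes = b"") -> bytes:
    """Build a minimal, non-runnable PE32 image: headers, section table, raw sections."""
    num = len(section_payloads)
    opt_size = 224                                      # PE32 optional header size
    headers_len = 0x40 + 4 + 20 + opt_size + 40 * num + len(trailer)
    headers_len = (headers_len + 0x1FF) & ~0x1FF        # FileAlignment 0x200
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, num, 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    headers, body, raw_ptr, rva = b"", b"", headers_len, 0x1000
    for name, payload in section_payloads:
        size = (len(payload) + 0x1FF) & ~0x1FF
        headers += struct.pack("<8sIIIIIIHHI", name, len(payload), rva, size, raw_ptr,
                               0, 0, 0, 0, 0x60000020)
        body += payload.ljust(size, b"\0")
        raw_ptr += size
        rva += 0x1000
    image = dos + b"PE\0\0" + coff + opt + headers + trailer
    return image.ljust(headers_len, b"\0") + body


def pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy filler (SHA-256 chain) standing in for a compressed payload."""
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


PACKED = build_pe([(b"UPX0", b""), (b"UPX1", pseudo_random(4096))], trailer=UPX_MAGIC)
RENAMED = build_pe([(b".text", b""), (b".rsrc", pseudo_random(4096))], trailer=UPX_MAGIC)
UNKNOWN = build_pe([(b".text", pseudo_random(4096))])
CLEAN = build_pe([(b".text", b"\x90" * 4000 + b"\xc3" * 96)])

if __name__ == "__main__":
    for label, img in [("packed", PACKED), ("renamed", RENAMED), ("unknown", UNKNOWN), ("clean", CLEAN)]:
        print(label, upx_verdict(img))
```

Run it against the real sample by replacing the fixtures with `open(path, "rb").read()`; a `packed_unknown` verdict on a file the sandbox called UPX is the usual sign of a build that also patched the magic, and the entropy table tells you which section to unpack.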
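The Run key, UAC and location-settings signatures are all registry observations, so they translate directly into hunting rules. As an added example (not the sandbox's signature code), this Python normalizes registry paths from hypothetical API-trace records and tags the three behaviours, folding per-user HKEY_USERS\<SID> paths to HKCU so one rule covers every profile. The records, the SID and the `op` names are constructed for the example and are not a real Sysmon schema; the key and value names themselves are the documented Windows locations.

```python
"""Registry-activity tagging for the Run-key, UAC and location behaviours (added example)."""
import re

# Per-user hives appear as HKEY_USERS\<SID>\...; fold them to HKCU so one rule covers all users.
USER_SID_RE = re.compile(r"^HKEY_USERS\\S-1-5-21-[\d-]+(?:_Classes)?\\", re.IGNORECASE)
HIVE_ALIASES = (("HKEY_LOCAL_MACHINE\\", "HKLM\\"), ("HKEY_CURRENT_USER\\", "HKCU\\"))

RULES = (
    # Adds Run key to start application: a value written under Run/RunOnce (T1547.001)
    ("persistence_run_key",
     re.compile(r"^(?:HKLM|HKCU)\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\"
                r"CurrentVersion\\(?:Run|RunOnce)\\[^\\]+$", re.IGNORECASE),
     {"SetValue"}),
    # Checks whether UAC is enabled: reads of the UAC policy values
    ("uac_state_check",
     re.compile(r"^HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\"
                r"(?:EnableLUA|ConsentPromptBehaviorAdmin|PromptOnSecureDesktop)$", re.IGNORECASE),
     {"QueryValue"}),
    # Checks computer location settings: GeoID / locale reads, the usual geofence input
    ("location_check",
     re.compile(r"^HKCU\\Control Panel\\International\\(?:Geo\\Nation|Locale|LocaleName)$",
                re.IGNORECASE),
     {"QueryValue"}),
)


def normalize_path(path: str) -> str:
    """Canonicalize hive names so rules match whichever spelling the tracer emitted."""
    path = USER_SID_RE.sub(lambda m: "HKCU\\", path)
    for long, short in HIVE_ALIASES:
        if path[:len(long)].upper() == long.upper():
            path = short + path[len(long):]
            break
    return path


def classify(event: dict):
    """Return the rule name an event triggers, or None."""
    path = normalize_path(event["path"])
    for name, pattern, ops in RULES:
        if event["op"] in ops and pattern.match(path):
            return name
    return None


def hunt(events):
    """Tag every event; pids let an analyst tie the three behaviours to one process tree."""
    findings = []
    for ev in events:
        rule = classify(ev)
        if rule:
            findings.append({"rule": rule, "pid": ev["pid"], "image": ev["image"],
                             "path": normalize_path(ev["path"])})
    return findings


# Constructed trace records with a made-up SID; field names are assumptions, not a Sysmon schema.
SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"
LOADER = r"C:\Users\victim\AppData\Local\Temp\loader.exe"
EVENTS = [
    {"pid": 4120, "image": LOADER, "op": "QueryValue",
     "path": rf"HKEY_USERS\{SID}\Control Panel\International\Geo\Nation"},
    {"pid": 4120, "image": LOADER, "op": "QueryValue",
     "path": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"},
    {"pid": 4120, "image": LOADER, "op": "SetValue",
     "path": rf"HKEY_USERS\{SID}\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    # Reading a Run value is not persistence, and a write outside Run is not either.
    {"pid": 812, "image": r"C:\Windows\explorer.exe", "op": "QueryValue",
     "path": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive"},
    {"pid": 4120, "image": LOADER, "op": "SetValue",
     "path": rf"HKEY_USERS\{SID}\Software\Example\Setting"},
]

if __name__ == "__main__":
    for finding in hunt(EVENTS):
        print(finding)
```

The three hits share one pid, which is the signal worth alerting on: a single freshly dropped process that checks its region, checks UAC and then writes a Run value is the loader pattern the sandbox summarized above, whereas each rule alone (Explorer touching Run keys, an installer reading EnableLUA) is noisy.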

MITRE ATT&CK Enterprise v15