General

  • Target

    0aa203943d1e264973b2993ca09ef4c3_JaffaCakes118

  • Size

    438KB

  • Sample

    240621-k43tssxgrq

  • MD5

    0aa203943d1e264973b2993ca09ef4c3

  • SHA1

    ca973b0e458f0e0cca13636bd88784b80ccae24d

  • SHA256

    0cd828108ca62ac0de5f7f85830c09e5c5a40f26b1af84b5129ae1344d61f92b

  • SHA512

    4011f4c694105db1081bb2dfd1a9cfef5c7eefd25645f55f6f78a90196c0ae405fd23af992077089b6e400b74c585002392ea837626a2fcdfc93057d68d38f0f

  • SSDEEP

    12288:8qC6U56bIQ4UYlHloXo6c2pmmrtU8QEVydeH8ir:m6UqgIPVr1yoH8W

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies firewall policy service

    • ModiLoader Second Stage

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks