General

  • Target

    0abe87c40812b5fc4246f2b40ad9254c_JaffaCakes118

  • Size

    232KB

  • Sample

    240621-lmk34ayejq

  • MD5

    0abe87c40812b5fc4246f2b40ad9254c

  • SHA1

    b4cada7eb58eb8643d3423870907869fe1d22ed6

  • SHA256

    a79352b5c3c5c0b957799f3025a499b97b9af0bb8126a2ebfd87cf2c2fd303b0

  • SHA512

    f26ed5505d500ff5c3c311173db21081b590656586610b89106f8482e4a41d6823650a266f7f6f6d7e7260af32f6f60a6173c5bd1356eb366fb19d3ca01c80d7

  • SSDEEP

    3072:tLCnfucn+b9xvsnOOS2oKISOm7cn+egnbexRewT3:t4OHsnO6Os7cn+Pq

Malware Config

Targets

    • Target

      0abe87c40812b5fc4246f2b40ad9254c_JaffaCakes118

    • Size

      232KB

    • MD5

      0abe87c40812b5fc4246f2b40ad9254c

    • SHA1

      b4cada7eb58eb8643d3423870907869fe1d22ed6

    • SHA256

      a79352b5c3c5c0b957799f3025a499b97b9af0bb8126a2ebfd87cf2c2fd303b0

    • SHA512

      f26ed5505d500ff5c3c311173db21081b590656586610b89106f8482e4a41d6823650a266f7f6f6d7e7260af32f6f60a6173c5bd1356eb366fb19d3ca01c80d7

    • SSDEEP

      3072:tLCnfucn+b9xvsnOOS2oKISOm7cn+egnbexRewT3:t4OHsnO6Os7cn+Pq

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies WinLogon for persistence

    • ModiLoader Second Stage

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks