General

  • Target

    0acb0bcc5938c274ef46b7f982eedd03_JaffaCakes118

  • Size

    629KB

  • Sample

    240621-lxeztsyglm

  • MD5

    0acb0bcc5938c274ef46b7f982eedd03

  • SHA1

    84a652c3a8a2ae3cebf304fdedc67c3c7ec0143d

  • SHA256

    d7c31d9052315be2da6bba851d4f8c59c36d3c007d26745b7a8981e1fde9c1dc

  • SHA512

    cbf8c4dab3e71a73e002e44e37eed55dd7efe1ba0839a700f0d974fc56124fae5ab02ec6cc7a66f8a7633dea31e5006dc785fe5c71c4f20509274f33e372899e

  • SSDEEP

    12288:DDNkFa5fF7RTX979xwJyTW7DsVpCV3Qs9iZ3b1FPUukQQ:DJ+gF1tTyyTW7Cprs9iFHP4z

Targets

    • Target

      0acb0bcc5938c274ef46b7f982eedd03_JaffaCakes118

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15