General

  • Target

    22a803b6d4daa8deb6bb444fda3bbc85_JaffaCakes118

  • Size

    492KB

  • Sample

    240703-rkg7basbkg

  • MD5

    22a803b6d4daa8deb6bb444fda3bbc85

  • SHA1

    1c061aaae1077a30dd8a209c47256cc4be02df8e

  • SHA256

    7b9c293a82cc188bdaccd1aeeee5169819060622a75c4ea953613f30595be1f6

  • SHA512

    bd7b6aaaa5e69ca93ed50debd8a8f3eb29997cb560bd395b05a4e7450416ff9d99b03b5346b9fba7b6aea5aee52a50847c5a5c55c2ec5f09373e7dc7646dc784

  • SSDEEP

    12288:AjuTkMa586N2rAs3e3D35UQpXyjWz8iu6pqXALLbr2U7QFxyzw:AsUNl6yD2KXYWzj3rZQFz

Malware Config

Targets

    • Target

      22a803b6d4daa8deb6bb444fda3bbc85_JaffaCakes118

    • Size

      492KB

    • MD5

      22a803b6d4daa8deb6bb444fda3bbc85

    • SHA1

      1c061aaae1077a30dd8a209c47256cc4be02df8e

    • SHA256

      7b9c293a82cc188bdaccd1aeeee5169819060622a75c4ea953613f30595be1f6

    • SHA512

      bd7b6aaaa5e69ca93ed50debd8a8f3eb29997cb560bd395b05a4e7450416ff9d99b03b5346b9fba7b6aea5aee52a50847c5a5c55c2ec5f09373e7dc7646dc784

    • SSDEEP

      12288:AjuTkMa586N2rAs3e3D35UQpXyjWz8iu6pqXALLbr2U7QFxyzw:AsUNl6yD2KXYWzj3rZQFz

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies visibility of hidden/system files in Explorer

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks