General

  • Target

    22de26dd8e95003da48d92d16f72db47_JaffaCakes118

  • Size

    319KB

  • Sample

    240703-szy9tawfna

  • MD5

    22de26dd8e95003da48d92d16f72db47

  • SHA1

    b7bf2cfa53517fe1dfa65f9a434b44253beead76

  • SHA256

    5981aad204806f3f7c61c61d3848c15d33d235fd27e422801f4973a561aec07f

  • SHA512

    ff4bbef017276c69ef517b87af6c69ffbb79faf0dcf537d45f8761b3bd46f129cf73d959b81dd136327693e58b2deefbae489bc4d765f0aeb4068dcd500fdee2

  • SSDEEP

    6144:TGyjnBSkuV1d4eZd88ORJIf/wTBV53tpc27BoS2:iYnBSkuVUeZdYqwTPloS

Malware Config

Targets

    • Target

      22de26dd8e95003da48d92d16f72db47_JaffaCakes118

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks