General

  • Target

    2505877c2fbcd9c954297bb0c5d6f284_JaffaCakes118

  • Size

    217KB

  • Sample

    240704-hqlbgszaql

  • MD5

    2505877c2fbcd9c954297bb0c5d6f284

  • SHA1

    232993ffa601d5e76661249d2e427245569e1e7f

  • SHA256

    70b392f6510699ce0f16ea0d5623db89c7bb33d3f18f2c07c5313aa2c51ccb73

  • SHA512

    cbe8e74e0cabb275ab69e9e80bc2bfb11529c927af422b0189c464fa8131acbc569027137f9472b87ebe71e8d476f011eb903ca8a4b5ebd19e1a46aa9f2a070e

  • SSDEEP

    3072:AvW3AZFWW8Zql8cQKDKOGT6oP23DKXKvuul8BGgHYX/FcOSWvhPdHwjYl7xSfaUs:4FFWW82D5c23jGGxdjYq4faSn6

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Server Software Component: Terminal Services DLL

    • ACProtect 1.3x - 1.4x DLL software

      Detects files protected with ACProtect software.

    • Deletes itself

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks