General

  • Target

    251db191002d681b4ff09a000044cbd8_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240704-jbm27ssgpb

  • MD5

    251db191002d681b4ff09a000044cbd8

  • SHA1

    8d8b633fbd506999a6b1edb16005131f8dd48518

  • SHA256

    32d0bc05e9cd5f501e360713c00463657abc07720fd86aeaf329f658e84fec62

  • SHA512

    cd24c5533db103150a688cc51801cc626f884d30a203fd7eb155497c1e2d4e0d46a26363cc5edf7ee8f293e9cd58c5add728dd3725fb727ea62da3abf39de5d2

  • SSDEEP

    24576:pUyEFB27XmWTp9icxwJgBag/3wbdCrPQzv5s0DJksUoUc52qSQWNqiV:2/orp9y5gfwbdgSGa7cMWV

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15