General

  • Target

    255c5a50dce5a8901768599179e037f9_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240704-kx44aatbjq

  • MD5

    255c5a50dce5a8901768599179e037f9

  • SHA1

    6fd6806e87f7738d155595cdfcc87daf4b6d8523

  • SHA256

    e920ef2edec9587c0c6637d51927e5fa9700ff1bc5b23496c8baee1a221004a4

  • SHA512

    2b3a3730de4231690fa7a286dc7d05313e5e53830302f662fa3c654e423fdec00290ff7ebd32ecd55ed3e96ae60e07e24b3207ff63b9c3480e8c19f467775c81

  • SSDEEP

    24576:sbMQGoHTOAASMKZr8I+QNPpZlp3+9U/Fu:sozCnAST8IJTZlpO6/w

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Deletes itself

    • Executes dropped EXE

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks