General

  • Target

    25c2bc283905e0af50240fbcccb06975_JaffaCakes118

  • Size

    581KB

  • Sample

    240704-wxfw8sthlf

  • MD5

    25c2bc283905e0af50240fbcccb06975

  • SHA1

    9c71a567de3cbe859f6c33bb14edf289ca35634b

  • SHA256

    d79d6ffe8b13d515beffd7962c65ef92965d1838d8b6c4ac253e877f468c570b

  • SHA512

    959c159579b8392d7426ae4566b3549c8cdf0cd01eb13de8a8ef1f9f9be1ff5cca04241ad9d89e39cf9ce6112a013b01f402607af94d8570120160542f08bf05

  • SSDEEP

    12288:ZvcQ5UoY9tuhxw2XW9uUWfuIzQY2Cbj70ayBAKK9VHV0rn3bJJvHd:ZhG9tuh+fbWfFVjKBAzejFJvHd

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled