General

  • Target

    dad7dc058db66ca5dbf865df958b981c_JaffaCakes118

  • Size

    110KB

  • Sample

    240911-vvhsdatarg

  • MD5

    dad7dc058db66ca5dbf865df958b981c

  • SHA1

    e193aef5644bc2d13a39d657ed3b2ba739ba0feb

  • SHA256

    33a0bcbeedb81a4cf78104e442d71ba91fc96a87dc6b44e2f46fe6e3cfb6abd1

  • SHA512

    a89cd42d1afb1147bb2ef28d0c977eab6a1eabcc3db6a31df44f05e8f985dc10271d024c451e855267bd7745e599ad889ca2cfd979f790b7c283ff392d29d169

  • SSDEEP

    3072:Yoy8j7VnNdrPHaSekwi+mW+2stCd/sV2TJout:o8jZ7rvaU3+mWrssVJoS

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks