General

  • Target

    ddaea766555af7970b1fd03874a594b9_JaffaCakes118

  • Size

    423KB

  • Sample

    240913-e63zpaveqd

  • MD5

    ddaea766555af7970b1fd03874a594b9

  • SHA1

    57efc17d80a0b3c75b3182f3036e54fc1b650bb8

  • SHA256

    4e88ce9cee10a31d3416e85e30a8da824883a90746154c53362ff5b945d86c49

  • SHA512

    ac1512ffb575ace196246bac910deefa1b952a16a10aff3e129b750c3ede7d7bbb5cb21bcd90f59d95f629bd206ebfd0f9107ca586e8be61f6ece94b7e797021

  • SSDEEP

    12288:HHLUMuiv9RgfSjAzRtyf9/+NV+PdeCg3YQ6zy:btARsmNQ83Azy

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX or a modified UPX open-source packer.

    • Checks whether UAC is enabled

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

MITRE ATT&CK Enterprise v15

Tasks