General

  • Target

    dde9951e574d4ead556af8484550bb38_JaffaCakes118

  • Size

    287KB

  • Sample

    240913-ht4l8s1bjf

  • MD5

    dde9951e574d4ead556af8484550bb38

  • SHA1

    98a2fea1d72a093566acfc6d63d2eb1f9159ff3f

  • SHA256

    2da221ecdec8391f2fe0886c23fba33a0d8a3c1b13159f26b8a72f71e3e45719

  • SHA512

    392209ed62f189c30b071a244804b61a436a0601feefa7b0c9fe4ff7370aba641fe69c9d7325bfa560b35557ec7664af63da40622dde991aba31c2f34a720de9

  • SSDEEP

    6144:P8urraTBw8Lib2qX2T+jFMsK3gZii6IaLzU/8g0km8UEpSmEoCJI2itP3N7FY/LY:0urrsWbXX2TyysK3gZii6IMzU/rfm8U6

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.
