General

  • Target

    f1bd0ed446f09ca2a8dfdcff9b1cdd0c_JaffaCakes118

  • Size

    667KB

  • Sample

    240922-lfmy4sserc

  • MD5

    f1bd0ed446f09ca2a8dfdcff9b1cdd0c

  • SHA1

    8df70b4c9df16dc1e545104fd985c6e9a4260739

  • SHA256

    61e59ca8c72610067401eb0465680fa4762b9f6d784b7c4ebd4f56575a28d994

  • SHA512

    d0b9c10e35d7670ee62049d80c2fa60149b837fc5df86507d824aac2dc23cbd21c4d35dcd065ad722f10ac35e3c55ab3d016c7f02cee5a116407a047a0090e79

  • SSDEEP

    12288:WbMqmGEEb4E9F/ATyGv4XKGQi2lJLm1Giizl6oAlpxElrW1A:WIwEEb4Ev/ATEXKGVnGTzpA1Ec1A

Malware Config

Targets

    • Target

      f1bd0ed446f09ca2a8dfdcff9b1cdd0c_JaffaCakes118

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies security service

    • Modifies visibility of hidden/system files in Explorer

    • ModiLoader Second Stage

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Disables taskbar notifications via registry modification

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Enumerates processes with tasklist

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
