General

  • Target

    fb552877d8149be7f988aa678c3d88ec_JaffaCakes118

  • Size

    144KB

  • Sample

    240928-c11k9svdrd

  • MD5

    fb552877d8149be7f988aa678c3d88ec

  • SHA1

    a1bc21102f3b0988b1f34970633d955e3184a1f0

  • SHA256

    d44e1f4a6c188cdc3b0bd1e29e7979c228ed84b1f199abaffb7ac99244549aa7

  • SHA512

    9e7967ec67f13f99c5c5c7c6a7990940eb54c15981e4db27c771bb0d2d73fbec3bfb810558721be1f46f26726a1cc5c71ec1c27001e36e2e2bcb6be1628fa3a5

  • SSDEEP

    3072:bSWIjftsuB4Hf7b7uZo2KuNuMNTPvLFcv00Ej9s3aMEEU:ajP4HjbCLKCvDvkEja+R

Malware Config

Targets

    • Target

      fb552877d8149be7f988aa678c3d88ec_JaffaCakes118

    • Size

      144KB

    • MD5

      fb552877d8149be7f988aa678c3d88ec

    • SHA1

      a1bc21102f3b0988b1f34970633d955e3184a1f0

    • SHA256

      d44e1f4a6c188cdc3b0bd1e29e7979c228ed84b1f199abaffb7ac99244549aa7

    • SHA512

      9e7967ec67f13f99c5c5c7c6a7990940eb54c15981e4db27c771bb0d2d73fbec3bfb810558721be1f46f26726a1cc5c71ec1c27001e36e2e2bcb6be1628fa3a5

    • SSDEEP

      3072:bSWIjftsuB4Hf7b7uZo2KuNuMNTPvLFcv00Ej9s3aMEEU:ajP4HjbCLKCvDvkEja+R

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.