General

  • Target: 805ecb2c611bb9b5e51883969a21a5ee_JaffaCakes118

  • Size: 688KB

  • Sample: 241030-z2mr5a1fqn

  • MD5: 805ecb2c611bb9b5e51883969a21a5ee

  • SHA1: 36e13f197ff1ffcb608a2ac3f194f2346cc67d55

  • SHA256: dcb3f8574f19f1812cadedada105216044bb0dc472ce0164f6dc67fd7a17c99b

  • SHA512: 9ad753ac745ab5f0547eb2c80b07eea2ece286d3e408cb85f946d287da966c9fd452285af7b46e46efbeeca0992b54fb3313d35764b289523f58c24846320f3b

  • SSDEEP: 12288:ukQ4PIcBqHybSce3dhPq5nd+qsT1ZYLrDHYKnTI0:u5QIzHyuhiDyKzNTZ

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader family

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
