General

  • Target

    8b22d40166f7316a7c8ae0375f60e984_JaffaCakes118

  • Size

    80KB

  • Sample

    241103-m3tkvasdqa

  • MD5

    8b22d40166f7316a7c8ae0375f60e984

  • SHA1

    3c2c700ce1553b6d96cf1f83f280acd7bca6f143

  • SHA256

    c30de93ba586648ea6b3c897840d1a3a11ae1962c11ac15e82ba153d271e54fe

  • SHA512

    e7f035678ff593dbf90c810634c33428be074f6d41cd0e3f14a1a6a2990b30ae31ceceec0077144b7f8a5531bb330783316ae982168513946c8b95c1da9f73fb

  • SSDEEP

    1536:4q6u9kHqyY71zdfMIn8ofsx3MfwzjNO6HPG1ab/K/xypMcUwjgVU/eDSWqESb3:4qMqXxdEaKhSwnVPG1aDK/spMhwsDSWq

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks