General

  • Target

    99ac1bee27160f5c53c1cc68efdaaac4_JaffaCakes118

  • Size

    431KB

  • Sample

    241125-gvd8asylgq

  • MD5

    99ac1bee27160f5c53c1cc68efdaaac4

  • SHA1

    83fd235c1ca96f323836018ec9dde6a49c96cdfe

  • SHA256

    55b5f41dceca693585c3184dc83fb6f3477e2bd49e8f57474df7efb4c27769a7

  • SHA512

    001002c3e9ae677add8c173027a6aab346f4f4eb62c414418fb4b37645dd460a138b8123329ce031de57138627b8e974b340ec33df61aa2f84b64f845a096086

  • SSDEEP

    6144:PG377xS2Vp2CeiorXdwTBgWx4yuW2zMlYEA53GpcCJJvHR:ur7xS2Vp6RwTyCUW2pELbJJvHR

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • UAC bypass

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks