General

  • Target

    9c369c51ffd789d9d4721f5328f8c3b2_JaffaCakes118

  • Size

    651KB

  • Sample

    241125-sb53fsskd1

  • MD5

    9c369c51ffd789d9d4721f5328f8c3b2

  • SHA1

    71f52c388b75d564b6297e07f4022412ecb724ea

  • SHA256

    a8f0f9de51eb706d27626204b69a48154329c9f58224e93c6e359c1d6b511f9b

  • SHA512

    d00f61e3da95d435f01cfc37d2367971ef99d860702b5f94c02e2a4d8e19ebcbb7a850e2fb06c556b6b633e7c1700ab62bbd1a1c397b1743709f43ac1c4eb336

  • SSDEEP

    12288:kpyZT1ErCxu/mDwLRI6BxcDqp9aqCcajVuD3Z7BPQGMWYur0s0D:kUx1EjOD3SxcDDcNDqWYurL0

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies visibility of hidden/system files in Explorer

    • Modiloader family

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Enumerates processes with tasklist

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks