General

  • Target

    9deb78430bb2da07d021066aeefb6803_JaffaCakes118

  • Size

    1.0MB

  • Sample

    241125-z16tlstkcq

  • MD5

    9deb78430bb2da07d021066aeefb6803

  • SHA1

    a73a3a89b4d3eba148eec98e8aa707eb0001b6eb

  • SHA256

    6592a1c278b3c65f61c2f05022aa8a7d3ddba1db39f2716f7f145a17325b59ff

  • SHA512

    c8c4b1a88d440ffc23e0da1eb9209401191dd10251fbe4089e0eabde97d00a02e11e5c4a770792b6757ea22f7abd67335e0ab5391302497e93f8058eda96f580

  • SSDEEP

    24576:/eDQmXATejKj58fH7+VO5DFzdHL8GOAKOq1WQW2pwnipa7K:20mwejamH7+gJzV8nWQWbi07K

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • ModiLoader Second Stage

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks