General

  • Target

    9fb5d382e7e9351287bedc1a16d5ba33_JaffaCakes118

  • Size

    796KB

  • Sample

    241126-el8pfaznej

  • MD5

    9fb5d382e7e9351287bedc1a16d5ba33

  • SHA1

    9a8b8506fd01a88f39c99400d4fea2479b6117a3

  • SHA256

    519fcf354829f1a14ad88935c8e0796711fbe7451f21ccb4bc8fc0202c99c673

  • SHA512

    e599021a1cd1426156465ef146443a0cc8856b05e119832996662c59d686280fcb780313f214d2b398f89adb1bf720bd17e063ec35c2570435f4de9af16ad8e5

  • SSDEEP

    12288:f9nTQAiVtuiwlF4w+dGnS0LzPgm8cryDYTS7CPf2J8hpbCqH3UqCILs9T:f9nNMmlyeS0LzgsryuS7CPfChxT

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15