General

  • Target

    a053d478aca561af75afcc6facca4eae_JaffaCakes118

  • Size

    271KB

  • Sample

    241126-g7k7daynhz

  • MD5

    a053d478aca561af75afcc6facca4eae

  • SHA1

    30230c4d749bb26aedb25f3796a31420f69c28a5

  • SHA256

    124fd3bf3bd04df1ad3522d23fcb6cde04aff5199e7fa9ea42ca8ccbf2836b51

  • SHA512

    1227cd420b51cdaac3ab1d65277e9204de968766bae7c8e5278033a74db31acef35d8c3d3d11c99de6b86cc3d29977c966e8d6ed9607824d094f325c423c2bb1

  • SSDEEP

    6144:7GP77xS2Vp21hLUrwTBoDh53tpcCJJvHa:KD7xS2VpaQwTaRbJJvHa

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • UAC bypass

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled
