General

  • Target

    d4f3d2a4795b9e182eba81450bd25f44_JaffaCakes118

  • Size

    651KB

  • Sample

    241208-dlynssyret

  • MD5

    d4f3d2a4795b9e182eba81450bd25f44

  • SHA1

    b9c7b6b32c211b580886c6bcccf3a7e3155abd80

  • SHA256

    e69977f650a3ef88e9f73bb62a7d299232ea0691eb9149da48eb44c275163928

  • SHA512

    48e561ee22e1c0f2521f1f5254e4d911e82ed4e6acbcfe34122e79cef93f0eae0e79ff7c7ccbbed08cb4af9235035c4bd0733453c993729c16f6be1f3fb22125

  • SSDEEP

    12288:kpyZT1ZrCxu/mDwLRI6BxcDqp9aqCcajVuD3Z7BPQGMWYur0s0D:kUx1ZjOD3SxcDDcNDqWYurL0

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies visibility of hidden/system files in Explorer

    • Modiloader family

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Enumerates processes with tasklist

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks