General

  • Target

    JaffaCakes118_581599111559af39d587c0a4ad7aec3c

  • Size

    706KB

  • Sample

    250115-qnmqjavqdp

  • MD5

    581599111559af39d587c0a4ad7aec3c

  • SHA1

    d4e5df9dbbb4ebc771b8335447db604e8f2fcd1f

  • SHA256

    4bcbf3e1b8db650034045a3051c43678b90401525bb002c11b797b099e633166

  • SHA512

    7664b7a8caf5f6088c733e71a0c62fd2462700e0d2dc68f95d0ef83701b3773156bd95afcf5a0c60a8afa4fdc925a487a6bdd1600067af686352749d900757a0

  • SSDEEP

    12288:yrnDkr9EJIoNEiFEtCNVPMNbEziKR/60LF3Z4mxxYLPOwjLNkf4:ybAGhNEtCN2mjRPLQmXYawXNkg

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks