General

  • Target

    JaffaCakes118_9688e52c652159a2de886e26f51cf2a4

  • Size

    373KB

  • Sample

    250329-ypbnnaxyfy

  • MD5

    9688e52c652159a2de886e26f51cf2a4

  • SHA1

    47be034de1fa0d2ae4fe257d7dcf6e051d3adc9d

  • SHA256

    f97bddd1380e0fe2de7d2b6911ef65eff958027903a6cf66946357e390c6aa0d

  • SHA512

    041c38e939433649f162556236a1d934584fdd4917f6276f81bb8775f30a419f24a65745e4c46e16eb34bfa3325740221099df9875814d3e51d3b252247806fa

  • SSDEEP

    3072:f1+MJKrUnFYY5z1i0Nmbi5fJBN2u+SXipe4fIout02kB7URGQQLFlWBMt:FIrPj0NmWtN2iXisKIoS0PgRzQZF

Targets

    • Target

      JaffaCakes118_9688e52c652159a2de886e26f51cf2a4

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.
