General
-
Target
fc03dd697d1e1e6a3854b08b6495aff9_JaffaCakes118
-
Size
719KB
-
Sample
240420-f1fgwahe58
-
MD5
fc03dd697d1e1e6a3854b08b6495aff9
-
SHA1
8bcbeaab1428a488403a383984ea908a52ff568d
-
SHA256
bb41dddfefc9a6129c46645fcfaba2ea90cf4f55f6f54df2702c7c553ba61952
-
SHA512
e9a4328be43e6221537e595f26f69b4a66b8b242ad16576c48f3dd9f3e6f239ad746b2b16a69e12ab657c87c536ccc97c8d0fe0bd0a2f4a84f99e82d77307b81
-
SSDEEP
12288:6XgPVmsO7H+JeYkZQors8sEyMGXxe/lX4EEPSwDfAmgBJbf8AwnBrRm8dZ/X:AoZ3J78GQX4bEmCb+rRvZ/X
Malware Config
Targets
-
-
Target
fc03dd697d1e1e6a3854b08b6495aff9_JaffaCakes118
-
Size
719KB
-
MD5
fc03dd697d1e1e6a3854b08b6495aff9
-
SHA1
8bcbeaab1428a488403a383984ea908a52ff568d
-
SHA256
bb41dddfefc9a6129c46645fcfaba2ea90cf4f55f6f54df2702c7c553ba61952
-
SHA512
e9a4328be43e6221537e595f26f69b4a66b8b242ad16576c48f3dd9f3e6f239ad746b2b16a69e12ab657c87c536ccc97c8d0fe0bd0a2f4a84f99e82d77307b81
-
SSDEEP
12288:6XgPVmsO7H+JeYkZQors8sEyMGXxe/lX4EEPSwDfAmgBJbf8AwnBrRm8dZ/X:AoZ3J78GQX4bEmCb+rRvZ/X
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modifies visiblity of hidden/system files in Explorer
-
ModiLoader Second Stage
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1