General

  • Target

    090ba923c9117d4641559a66bb40e275_JaffaCakes118

  • Size

    295KB

  • Sample

    240620-x2gvrsxfnp

  • MD5

    090ba923c9117d4641559a66bb40e275

  • SHA1

    48bd696970da3a4095ce62016755a82d9887e5b4

  • SHA256

    e63a86159c13f3cd984d002cafd4d683c3f08e98835ea376c816b1d43bd91a74

  • SHA512

    f66c884e5271bd4d81bbd4f6df98c9b0a9fc81635f901045e342e8a3e4e9b67b10bb6ab8d1c2d77a4ee94db43d737d2cc947130e4abd9d85cb3eaa0c0e34edd5

  • SSDEEP

    6144:OYWr9t3ut7qNbcoPWjd8gqI4opZfkz06fdRPr8Cf+Ikawj+/9kJ6m30:OYG9t+t+1cd8gdi0ITd+I6jnLk

Targets

    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a loader written in Delphi that abuses legitimate cloud storage services to host and retrieve the second-stage payload, which is then used to deliver other malware families.

    • ModiLoader Second Stage

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is a common step in process hollowing and thread hijacking, where a suspended process or thread is redirected to code the malware has written into it.

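The ASPack signature above is a packer match; one cheap, stdlib-only way to corroborate it from the file itself is to walk the PE section table, since ASPack appends `.aspack` and `.adata` sections and leaves the original sections with virtual size but no raw data. The following is an added example for this page, not the sandbox's own rule and not code recovered from the sample. The two PE images it inspects are constructed inside the block (a bare header plus section table, no code), with the ASPack-like layout modelled on how ASPack lays out a packed PE32; the UPX names in the lookup table are an added assumption for breadth and are not mentioned in the report.

```python
"""Packer heuristics from the PE section table (added example, stdlib only)."""
import struct

# Section names left behind by packers. ASPack is the family the report flags;
# the UPX entries are an assumption added here for breadth.
PACKER_SECTIONS = {
    b".aspack": "ASPack",
    b".adata": "ASPack",
    b"UPX0": "UPX",
    b"UPX1": "UPX",
}
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def section_table(pe: bytes) -> list:
    """Return [(name, virtual_size, raw_size, characteristics)] for every section.

    Walks MZ -> e_lfanew -> "PE\\0\\0" -> COFF header -> optional header -> section headers.
    """
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    (n_sections,) = struct.unpack_from("<H", pe, coff + 2)   # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)    # SizeOfOptionalHeader
    table = coff + 20 + opt_size
    out = []
    for i in range(n_sections):
        off = table + 40 * i                                  # IMAGE_SECTION_HEADER is 40 bytes
        name = pe[off:off + 8].split(b"\0", 1)[0]
        vsize, _vaddr, rsize = struct.unpack_from("<III", pe, off + 8)
        (chars,) = struct.unpack_from("<I", pe, off + 36)
        out.append((name, vsize, rsize, chars))
    return out


def packer_name(pe: bytes):
    """Packer family implied by a known section name, or None."""
    for name, *_ in section_table(pe):
        if name in PACKER_SECTIONS:
            return PACKER_SECTIONS[name]
    return None


def packer_indicators(pe: bytes) -> list:
    """Human-readable reasons a file looks packed; an empty list means nothing was found."""
    hits = []
    for name, vsize, rsize, chars in section_table(pe):
        label = name.decode("latin-1")
        if name in PACKER_SECTIONS:
            hits.append(f"{label}: section name used by {PACKER_SECTIONS[name]}")
        if chars & IMAGE_SCN_MEM_EXECUTE and chars & IMAGE_SCN_MEM_WRITE:
            hits.append(f"{label}: writable and executable (code unpacked in place)")
        if rsize == 0 and vsize > 0:
            hits.append(f"{label}: {vsize:#x} bytes virtual, no raw data (filled at runtime)")
    return hits


def build_sample(sections) -> bytes:
    """Assemble a minimal PE32 header with the given sections (constructed test input, not a real binary)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                     # e_lfanew -> right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                     # PE32 magic
    hdrs = b"".join(
        struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000 * (i + 1), rsize, 0, 0, 0, 0, 0, chars)
        for i, (name, vsize, rsize, chars) in enumerate(sections)
    )
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs


# Constructed layouts: the first imitates an ASPack-packed PE32 (original sections
# kept with virtual size only, .aspack stub and .adata appended), the second a
# plain compiler-produced image.
ASPACK_LIKE = build_sample([
    (b".text", 0x24000, 0, 0xE0000020),
    (b".data", 0x8000, 0x200, 0xC0000040),
    (b".aspack", 0x6000, 0x5E00, 0xC0000040),
    (b".adata", 0x1000, 0, 0xC0000040),
])
CLEAN = build_sample([
    (b".text", 0x5000, 0x5000, 0x60000020),
    (b".rdata", 0x1000, 0x1000, 0x40000040),
    (b".data", 0x800, 0x200, 0xC0000040),
])

if __name__ == "__main__":
    for label, image in (("aspack-like", ASPACK_LIKE), ("clean", CLEAN)):
        print(label, packer_name(image), *packer_indicators(image), sep="\n  ")
```

Section names are trivially renamed, so treat a name hit as corroboration to sit alongside entropy and stub-byte matching rather than proof, and treat a miss as absence of evidence; the writable-and-executable and no-raw-data checks survive renaming and are the more durable part of the heuristic.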
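The "Drops autorun.inf file" signature matters because whatever that file points at is what AutoRun would launch when the volume is mounted on another host. The report does not include the dropped file's contents, so the example below is an added triage helper (not the sandbox's code and not anything recovered from this sample) run over an autorun.inf constructed for the purpose. It collects every launch key AutoRun honours, `open=`, `shellexecute=` and `shell\<verb>\command=`, across `[autorun]` and the per-architecture `[autorun.<arch>]` sections, folding case because Windows matches these names case-insensitively; the `RECYCLER` hideout folder in the sample is a pattern long used by autorun worms and is an assumption here, not something the report states about this file.

```python
"""Triage helper for autorun.inf files dropped on removable volumes (added example)."""

# Constructed sample; NOT recovered from the analysed file.
SAMPLE_AUTORUN_INF = r"""; constructed autorun.inf for this example
[AutoRun]
open=RECYCLER\svchost.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open=Open
shell\open\Command=RECYCLER\svchost.exe
shell\explore\command="RECYCLER\svchost.exe" /e
UseAutoPlay=1

[autorun.amd64]
shellexecute=setup\readme.txt
"""

# Keys whose value Windows may hand to ShellExecute when a volume is inserted.
LAUNCH_KEYS = {"open", "shellexecute"}
# Extensions that run as code when launched through the shell.
EXEC_EXT = (".exe", ".com", ".scr", ".bat", ".cmd", ".pif", ".vbs", ".js", ".dll")
# Folder names autorun worms have used to hide payloads on removable drives (assumption for this example).
HIDEOUTS = ("recycler", "$recycle.bin", "system volume information")


def parse_autorun(text: str) -> dict:
    """Parse INI-style autorun.inf text into {section: [(key, value), ...]}.

    Section and key names are folded to lower case because Windows matches them
    case-insensitively; malware routinely varies the case to dodge naive matching.
    """
    sections: dict = {}
    current = None
    for raw in text.splitlines():
        line = raw.lstrip("\ufeff").strip()          # tolerate a UTF-8 BOM on the first line
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current].append((key.strip().lower(), value.strip()))
    return sections


def launch_targets(sections: dict) -> list:
    """Every command line AutoRun could execute: open=, shellexecute= and
    shell\\<verb>\\command= from [autorun] and any [autorun.<arch>] section."""
    targets = []
    for name, entries in sections.items():
        if not name.startswith("autorun"):
            continue
        for key, value in entries:
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                targets.append(value)
    return targets


def first_token(command: str) -> str:
    """Program path from a command line, honouring a quoted first argument."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:] if end == -1 else command[1:end]
    return command.split()[0] if command else ""


def is_suspicious(program: str) -> bool:
    """Executable by extension, or parked in a folder used to hide payloads."""
    p = program.lower()
    return p.endswith(EXEC_EXT) or any(p.startswith(h) for h in HIDEOUTS)


def triage(text: str) -> list:
    """Distinct programs an autorun.inf would launch, each flagged suspicious or not."""
    findings, seen = [], set()
    for cmd in launch_targets(parse_autorun(text)):
        program = first_token(cmd)
        if program.lower() in seen:
            continue
        seen.add(program.lower())
        findings.append({"command": cmd, "program": program, "suspicious": is_suspicious(program)})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_AUTORUN_INF):
        print(("SUSPICIOUS " if f["suspicious"] else "ok         ") + f["program"])
```

The `action=` line in the sample is the social-engineering half of the technique: it is the caption shown in the AutoPlay dialog, so a value that imitates the stock "Open folder to view files" prompt is worth surfacing in a report even though it launches nothing by itself.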
MITRE ATT&CK Enterprise v15