General

  • Target: 08eaadc72b021a9088eaf90acfa34a09_JaffaCakes118
  • Size: 202KB
  • Sample: 240620-xq8jcashkh
  • MD5: 08eaadc72b021a9088eaf90acfa34a09
  • SHA1: 0d2d4b6fe74a0c9289bbea402e6049acbddfb767
  • SHA256: e0a2de65b74e82eb898cc69369d27143c9bbfc9b83ab62e2ec0ec4b5cad79bac
  • SHA512: d338dd66e0dc3d6d80a99d27ea890b0e08fed009d452e5410194e31e24b13c9b351009033bbcdaad515c5587f1ca1b23cc8d67f238643d8d893f4b6a4cd25aff
  • SSDEEP: 6144:oAMj7UGSaJxF+hzzyymJRJq6muwDGbFZAxNt+:FMXmaJfemJRg6jwapZ

Malware Config

Extracted

Family: metasploit

Version: encoder/call4_dword_xor

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks