General

  • Target

    2294a1cbb701302777aba58b6473c4d0_JaffaCakes118

  • Size

    667KB

  • Sample

    240703-q5587szglc

  • MD5

    2294a1cbb701302777aba58b6473c4d0

  • SHA1

    793e06aaf36edbc41395309e819bad40cb2421c8

  • SHA256

    f744caa7ea088a5dc21938f6314f8f4777181c7c524e76a45c919172ebfdd1a8

  • SHA512

    9c931d89817031f0448f2ef6756bd6e9523b52377a31a31ab49fd81d6496f3bf54374146db25abdcbd83444cafd7799b5aeeb67aa35e9ea351ffeefa93e3f5b9

  • SSDEEP

    12288:TiSEco6CB3OzarLRgdexF6F3Z4mxxUDqVTVOC/Y:2KbEO4CoqQmXDVTz/Y

Score
10/10

Malware Config

Targets

    • Target

      2294a1cbb701302777aba58b6473c4d0_JaffaCakes118

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks