General

  • Target

    253904f5391156c3245b06fb8b3febed_JaffaCakes118

  • Size

    604KB

  • Sample

    240704-j1vhks1hnn

  • MD5

    253904f5391156c3245b06fb8b3febed

  • SHA1

    7c627fccc08784a8d906b96a24a5f61c3e9f4d8f

  • SHA256

    c78c5d1eebefcdf63b79aa5498b47d86b1a884cc0f42bc36ed6948f009250a84

  • SHA512

    ff2e8f99c688712356b8d3ef95baa120b24d98579c0ed6fa2645832fc7b6451ea4bb94a916970d4b1417f2d69e8f7816e8229d7c243a3569645101bf1cba7d44

  • SSDEEP

    12288:nZrHpXwLT/99MSZXj9mklGIGyJj8A//yoUfGF3Z4mxxPF1xaZFIF8toQoIBQ:ZrpA//oSF9mkkIhJjX/xUuQmXNXaO8ta

Score
10/10

Malware Config

Targets

    • Target

      253904f5391156c3245b06fb8b3febed_JaffaCakes118

    • Size

      604KB

    • MD5

      253904f5391156c3245b06fb8b3febed

    • SHA1

      7c627fccc08784a8d906b96a24a5f61c3e9f4d8f

    • SHA256

      c78c5d1eebefcdf63b79aa5498b47d86b1a884cc0f42bc36ed6948f009250a84

    • SHA512

      ff2e8f99c688712356b8d3ef95baa120b24d98579c0ed6fa2645832fc7b6451ea4bb94a916970d4b1417f2d69e8f7816e8229d7c243a3569645101bf1cba7d44

    • SSDEEP

      12288:nZrHpXwLT/99MSZXj9mklGIGyJj8A//yoUfGF3Z4mxxPF1xaZFIF8toQoIBQ:ZrpA//oSF9mkkIhJjX/xUuQmXNXaO8ta

    Score
    10/10
    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks