General
-
Target
cf78dba1e1b0c6ebeee34d97e8fa9621_JaffaCakes118
-
Size
1.8MB
-
Sample
240906-n3rlxsvckk
-
MD5
cf78dba1e1b0c6ebeee34d97e8fa9621
-
SHA1
2c931ac10a37b20806c667616d4f83fa6ba74114
-
SHA256
55590a29a1310fd765b32cdf1ea6364c3dd089ff8d67d9ea237c16c924e27d8c
-
SHA512
a73a5411f13b555ca6e28d3b34c865c73c3c0d4e4ba54964d2aab74c341ef041d71f9f30ea73dbc13ca721198ce053f9d17af9b214d7a72ed03e29f0ecbd35af
-
SSDEEP
24576:6eGh9/qFXNv/p26M66EhExEHRJoNzfNgDf9Ns8T3/P21ebXpjm4il9gJ0uWOAMJk:+EJLDsuWA0nCNepVy2ffQljIX
Malware Config
Targets
-
-
Target
cf78dba1e1b0c6ebeee34d97e8fa9621_JaffaCakes118
-
Size
1.8MB
-
MD5
cf78dba1e1b0c6ebeee34d97e8fa9621
-
SHA1
2c931ac10a37b20806c667616d4f83fa6ba74114
-
SHA256
55590a29a1310fd765b32cdf1ea6364c3dd089ff8d67d9ea237c16c924e27d8c
-
SHA512
a73a5411f13b555ca6e28d3b34c865c73c3c0d4e4ba54964d2aab74c341ef041d71f9f30ea73dbc13ca721198ce053f9d17af9b214d7a72ed03e29f0ecbd35af
-
SSDEEP
24576:6eGh9/qFXNv/p26M66EhExEHRJoNzfNgDf9Ns8T3/P21ebXpjm4il9gJ0uWOAMJk:+EJLDsuWA0nCNepVy2ffQljIX
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modifies WinLogon for persistence
-
ModiLoader Second Stage
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1