General

  • Target

    e028124ffacef0fe32918b26009bb9fe_JaffaCakes118

  • Size

    604KB

  • Sample

    240914-pcwcvssgnr

  • MD5

    e028124ffacef0fe32918b26009bb9fe

  • SHA1

    72b628927d5dd67c9eaa9e2e7addc330e61ca080

  • SHA256

    e9d9f9529a1407342d270d3a6501db639597a1406b7720cbec90e44a62e818f6

  • SHA512

    0ad2e0a60a0364af89468549637273ee469cf8013c2d4e60fda8c10ce36c910a9d6d0674fd5f8898218ae663f3783a402707ed9373d8d6cf2050f2fdffc4f1fb

  • SSDEEP

    12288:x3fnHpXwLT/99MSZXj9uLZucCgaGTWqF3Z4mxxw26We0j9LIkCCXi:xvHpA//oSF9OucAG1QmXpJLIk/

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15