General
-
Target
e5a20c12cde4cf74036482dc9e979f11_JaffaCakes118
-
Size
1.3MB
-
Sample
240916-1sx26s1hrq
-
MD5
e5a20c12cde4cf74036482dc9e979f11
-
SHA1
6a3d86e2bb27849d97cad17cb8e32ced3391a3eb
-
SHA256
dc40ab34a74b027dd88b46eed0a43aecdc8d5e6ba65da291cc4e233ed29a7920
-
SHA512
12476daa6492dd30b45828d5cd259c4493a0ee42451def64a5d1db28f4858941b74a78479d6290b36cfb8eeaeadab1e77c2f731faa11b95e9f432140e19a2be7
-
SSDEEP
24576:0wQAz+8160S36egiMymL8LXk4ZbvMiftEbj8dmz5xBnqEPcjh/Py:0lAF60uYipmL8FBt126Ic9/K
Malware Config
Targets
-
-
Target
e5a20c12cde4cf74036482dc9e979f11_JaffaCakes118
-
Size
1.3MB
-
MD5
e5a20c12cde4cf74036482dc9e979f11
-
SHA1
6a3d86e2bb27849d97cad17cb8e32ced3391a3eb
-
SHA256
dc40ab34a74b027dd88b46eed0a43aecdc8d5e6ba65da291cc4e233ed29a7920
-
SHA512
12476daa6492dd30b45828d5cd259c4493a0ee42451def64a5d1db28f4858941b74a78479d6290b36cfb8eeaeadab1e77c2f731faa11b95e9f432140e19a2be7
-
SSDEEP
24576:0wQAz+8160S36egiMymL8LXk4ZbvMiftEbj8dmz5xBnqEPcjh/Py:0lAF60uYipmL8FBt126Ic9/K
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modifies WinLogon for persistence
-
ModiLoader Second Stage
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1