General

  • Target

    e955c30be0f3c6d10d827d4b0459d3a9_JaffaCakes118

  • Size

    351KB

  • Sample

    240918-rx617swdmf

  • MD5

    e955c30be0f3c6d10d827d4b0459d3a9

  • SHA1

    a7cc9841d8f8872929300e833437e5f9c4b0037d

  • SHA256

    851df2aa47d35c135ff39e24b312d3dd48cf99120a8614ad83e090857c352b87

  • SHA512

    33b054245db4e8535b4abafec4a00bcde251ed700788f606b28192192a555a48010efcae067acdadbfcc0901a49322b483e44cfb6ff34df578da9215fac1d21b

  • SSDEEP

    6144:FsUgBVcOsMIHyqzhdmfUuGvRJfjM1aav2R55hK03o+UKpSI:FsUgfc1M1qzznvzaaaOjS03m

Malware Config

Targets

    • Target

      e955c30be0f3c6d10d827d4b0459d3a9_JaffaCakes118

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks