General
-
Target
f155af3de3221e8bdfc07b5f1fc398e4_JaffaCakes118
-
Size
737KB
-
Sample
240922-fqms7sshmr
-
MD5
f155af3de3221e8bdfc07b5f1fc398e4
-
SHA1
38ffef7e47e9890fdaa60f5a3f2f65e3fb610716
-
SHA256
e685c6f87573c1b0a337e35b7a3bca6e9d117fa92dca60ed51c4a3895c664916
-
SHA512
18cc059b4f831bf96bb7ac9ca4c9fac7a7e199fa3d8e2f2098ecbed6995bfc03823d1e5a45b2fdb003ffbf772b381f7cbec5978840cd94ecc376113abd0609e0
-
SSDEEP
12288:AZWdCO7T2tDQJh5oDZoG2dNd2jFUX+pTxmNvNyq63UCq1CA8h:8WdCc2tNDZoCjCXKh3UCq1Ch
Malware Config
Targets
-
-
Target
f155af3de3221e8bdfc07b5f1fc398e4_JaffaCakes118
-
Size
737KB
-
MD5
f155af3de3221e8bdfc07b5f1fc398e4
-
SHA1
38ffef7e47e9890fdaa60f5a3f2f65e3fb610716
-
SHA256
e685c6f87573c1b0a337e35b7a3bca6e9d117fa92dca60ed51c4a3895c664916
-
SHA512
18cc059b4f831bf96bb7ac9ca4c9fac7a7e199fa3d8e2f2098ecbed6995bfc03823d1e5a45b2fdb003ffbf772b381f7cbec5978840cd94ecc376113abd0609e0
-
SSDEEP
12288:AZWdCO7T2tDQJh5oDZoG2dNd2jFUX+pTxmNvNyq63UCq1CA8h:8WdCc2tNDZoCjCXKh3UCq1Ch
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1