General
-
Target
f37083d35c4d2e785a6fb84875cb8331_JaffaCakes118
-
Size
623KB
-
Sample
240925-vj61tswglq
-
MD5
f37083d35c4d2e785a6fb84875cb8331
-
SHA1
fc93143795ae3fb1b81947961d571b1e00fdb4b5
-
SHA256
e1a9f7fad02dc673f6c02f5b1ec82266dc85426941c403750d3c46289feec30c
-
SHA512
5d85335c80d532a22203076f5730ec8518b221f0a1ad89a14e7575a9d8d9b88d414afb72a5ea72a3bec728673d3db0b24cb597bb0da64ce4e03d6140bd602f51
-
SSDEEP
6144:zcP+pnEzMXdO4Qq6Iyh1G6J9bJuYK6wGWZRgdg18LIg7mG58Lxzj2z8ZkiGn1umM:zlnE/zJ9HKIww5AyviGumKuCN
Malware Config
Targets
-
-
Target
f37083d35c4d2e785a6fb84875cb8331_JaffaCakes118
-
Size
623KB
-
MD5
f37083d35c4d2e785a6fb84875cb8331
-
SHA1
fc93143795ae3fb1b81947961d571b1e00fdb4b5
-
SHA256
e1a9f7fad02dc673f6c02f5b1ec82266dc85426941c403750d3c46289feec30c
-
SHA512
5d85335c80d532a22203076f5730ec8518b221f0a1ad89a14e7575a9d8d9b88d414afb72a5ea72a3bec728673d3db0b24cb597bb0da64ce4e03d6140bd602f51
-
SSDEEP
6144:zcP+pnEzMXdO4Qq6Iyh1G6J9bJuYK6wGWZRgdg18LIg7mG58Lxzj2z8ZkiGn1umM:zlnE/zJ9HKIww5AyviGumKuCN
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1