General

  • Target

    fb7c8bf9f39db1d6dfcb83e965b7171a_JaffaCakes118

  • Size

    686KB

  • Sample

    240928-ewmvqaygpa

  • MD5

    fb7c8bf9f39db1d6dfcb83e965b7171a

  • SHA1

    eede193002b6624ee194675c79adb84cf2293c51

  • SHA256

    30ef898e25f8c0ad57894203a8298d143169ae6535b770af2ade724dd662a436

  • SHA512

    e72c51706a1b648b5507778430821100ceccddc584007d85f887b408ecc5da7e203626e7d850c6d535ab5348bb1ef81c271226c41b0d7d88f64317f4585d1ae1

  • SSDEEP

    12288:PGizviX0cjyOK/tSGJkGat0aiYtFwloF3Z4mxxkDqVTVOCQO:PXiJh/G5aiYtFwloQmXTVTzQO

Malware Config

Targets


    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
