General

  • Target

    4be804e4b7951b7febc1f07879ebb657_JaffaCakes118

  • Size

    719KB

  • Sample

    241016-h815naygle

  • MD5

    4be804e4b7951b7febc1f07879ebb657

  • SHA1

    3c2b5ffe474fa495a9d0fdbb72e5a85842835b21

  • SHA256

    c3763b46967e7dcddc738fa79b5341fd2e1f8b196f32ef7f3b6c187fd8de02a9

  • SHA512

    d333c21a851a58dd81c0176f69a2c693271628b56c67b0654a594d07f63240197dc9d62a22c6fded1b45a95874c46126bf0b1eb85bdabec2e06308d84f05804f

  • SSDEEP

    12288:6XgPVmsO7H+JeYkZQors8sEyMGXxeFlX4EEPSwDfAmgBJbf8AwnBrRm8dZ/X:AoZ3J78G2X4bEmCb+rRvZ/X

Targets

    • Target

      4be804e4b7951b7febc1f07879ebb657_JaffaCakes118

    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a loader written in Delphi that abuses legitimate cloud services as download locations for the second-stage payloads of other malware families.

    • ModiLoader Second Stage

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext
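
The behaviours listed above (dropped EXE executed, dropped DLL loaded, Run key written, original file deleted) are individually common; what makes them a loader signature is that they come from one process tree. The following is an added example, not part of the sandbox report and not ModiLoader code: it correlates constructed Sysmon-style events into that chain. The pipe-separated event format, the field names and every event line are assumptions made for the illustration.

```python
"""Correlate endpoint telemetry into the loader behaviour chain the report lists.

Added example; it is not part of the sandbox report and not ModiLoader code.
The event format (ts|event|pid|ppid|image|target) and the sample events are
constructed for illustration and only loosely mirror Sysmon event types.
"""
import re
from collections import defaultdict

# Constructed telemetry, not from the report's run. 'target' is the file
# written (FileCreate), the DLL path (ImageLoad), the registry value
# (RegistrySet) or the command line (ProcessCreate).
SAMPLE_LOG = r"""
1|ProcessCreate|100|50|C:\Users\u\Downloads\sample.exe|
2|FileCreate|100|50|C:\Users\u\Downloads\sample.exe|C:\Users\u\AppData\Local\Temp\stage2.exe
3|FileCreate|100|50|C:\Users\u\Downloads\sample.exe|C:\Users\u\AppData\Local\Temp\helper.dll
4|ProcessCreate|200|100|C:\Users\u\AppData\Local\Temp\stage2.exe|
5|ImageLoad|200|100|C:\Users\u\AppData\Local\Temp\stage2.exe|C:\Users\u\AppData\Local\Temp\helper.dll
6|RegistrySet|200|100|C:\Users\u\AppData\Local\Temp\stage2.exe|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater
7|ProcessCreate|300|100|C:\Windows\System32\cmd.exe|/c del "C:\Users\u\Downloads\sample.exe"
8|ProcessCreate|400|50|C:\Windows\System32\notepad.exe|
"""

RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)

# Behaviour labels deliberately match the report's own signature names.
LOADER_BEHAVIOURS = frozenset({
    "Executes dropped EXE",
    "Loads dropped DLL",
    "Adds Run key to start application",
    "Deletes itself",
})


def parse(log):
    """Turn the constructed pipe-separated lines into event dicts."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, ev, pid, ppid, image, target = line.split("|", 5)
        events.append({"ts": int(ts), "event": ev, "pid": int(pid),
                       "ppid": int(ppid), "image": image, "target": target})
    return events


def correlate(events):
    """Map each behaviour to the pids that exhibited it, in event order."""
    image_of = {}            # pid -> image path seen at ProcessCreate
    dropped = {}             # lower-cased path -> pid that wrote it
    findings = defaultdict(list)
    for e in events:
        ev, pid, tgt = e["event"], e["pid"], e["target"]
        if ev == "ProcessCreate":
            image_of[pid] = e["image"]
            if e["image"].lower() in dropped:
                findings["Executes dropped EXE"].append(pid)
            # Self-deletion pattern: a cmd.exe child whose 'del' command
            # line names the parent's own image.
            parent_img = image_of.get(e["ppid"], "")
            if (e["image"].lower().endswith("\\cmd.exe") and parent_img
                    and re.search(r"\bdel\b", tgt, re.IGNORECASE)
                    and parent_img.lower() in tgt.lower()):
                findings["Deletes itself"].append(e["ppid"])
        elif ev == "FileCreate":
            dropped[tgt.lower()] = pid
        elif ev == "ImageLoad" and tgt.lower() in dropped:
            findings["Loads dropped DLL"].append(pid)
        elif ev == "RegistrySet" and RUN_KEY.search(tgt):
            findings["Adds Run key to start application"].append(pid)
    return dict(findings)


def loader_chain_roots(events):
    """Group behaviours by the root of the process tree they came from."""
    parent_of = {e["pid"]: e["ppid"] for e in events if e["event"] == "ProcessCreate"}

    def root(pid):
        while parent_of.get(pid) in parent_of:   # climb while the parent was observed
            pid = parent_of[pid]
        return pid

    by_root = defaultdict(set)
    for behaviour, pids in correlate(events).items():
        for pid in pids:
            by_root[root(pid)].add(behaviour)
    return dict(by_root)


def is_loader_chain(behaviours):
    """True when one process tree shows every behaviour in the report's chain."""
    return LOADER_BEHAVIOURS <= set(behaviours)


if __name__ == "__main__":
    for root_pid, seen in loader_chain_roots(parse(SAMPLE_LOG)).items():
        print(root_pid, sorted(seen), "LOADER CHAIN" if is_loader_chain(seen) else "")
```

Grouping by tree root rather than by single pid is the point: the dropped EXE, not the original sample, is the process that writes the Run key, and the self-deletion is performed by a cmd.exe child, so a per-process rule would see four unrelated low-severity events.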

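For the MBR write flagged above, the first question during response is whether the bootstrap code on disk still matches a known-good copy. The following is an added example, not part of the sandbox report: it parses a 512-byte MBR (446 bytes of bootstrap code, four 16-byte partition entries, 0x55AA signature) and diffs it against a baseline. The two MBR images and their bootstrap bytes are constructed placeholders, not real boot code, and the `read_mbr` helper assumes the Windows raw device path `\\.\PhysicalDrive0` read from an elevated prompt.

```python
"""Parse a 512-byte MBR and diff it against a known-good baseline.

Added example, not part of the sandbox report. The MBR blobs below are
constructed; the bootstrap bytes are placeholders, not real boot code.
"""
import hashlib
import struct

SECTOR = 512
CODE_LEN = 446       # bootstrap code area, bytes 0..445
TABLE_OFF = 446      # four 16-byte partition entries, bytes 446..509
SIG_OFF = 510        # 0x55 0xAA boot signature, bytes 510..511
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(blob):
    """Return signature validity, a hash of the code area and the partition table."""
    if len(blob) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = blob[TABLE_OFF + 16 * i: TABLE_OFF + 16 * (i + 1)]
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack(ENTRY_FMT, entry)
        if ptype != 0:                       # type 0 marks an unused slot
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {
        "signature_ok": blob[SIG_OFF:] == b"\x55\xAA",
        "code_sha256": hashlib.sha256(blob[:CODE_LEN]).hexdigest(),
        "partitions": parts,
    }


def diff_mbr(baseline, current):
    """List what differs between a known-good MBR and the one read now."""
    base, cur = parse_mbr(baseline), parse_mbr(current)
    changes = []
    if not cur["signature_ok"]:
        changes.append("boot signature missing")
    if cur["code_sha256"] != base["code_sha256"]:
        changes.append("bootstrap code changed")      # the bootkit case
    if cur["partitions"] != base["partitions"]:
        changes.append("partition table changed")
    return changes


def read_mbr(device=r"\\.\PhysicalDrive0"):
    """Read the first sector of a raw disk (Windows path shown; needs admin)."""
    with open(device, "rb") as f:
        return f.read(SECTOR)


def build_mbr(code, partitions, signature=b"\x55\xAA"):
    """Assemble a constructed MBR for the demo from a code area and a table."""
    code = code.ljust(CODE_LEN, b"\x00")[:CODE_LEN]
    table = b"".join(struct.pack(ENTRY_FMT, s, b"\x00" * 3, t, b"\x00" * 3, lba, n)
                     for s, t, lba, n in partitions)
    return code + table.ljust(64, b"\x00") + signature


# Constructed images: one bootable NTFS-type partition, placeholder code bytes.
PARTS = [(0x80, 0x07, 2048, 204800)]
CLEAN = build_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c", PARTS)
TAMPERED = build_mbr(b"\xeb\x3c\x90BOOTKIT!", PARTS)     # code area overwritten

if __name__ == "__main__":
    print(parse_mbr(CLEAN))
    print(diff_mbr(CLEAN, TAMPERED))
```

Take the baseline from a clean image or a gold build rather than from the possibly infected host; a bootkit that leaves the partition table intact, as the constructed `TAMPERED` image does, is only visible through the code-area hash.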
MITRE ATT&CK Enterprise v15