General
-
Target
4be804e4b7951b7febc1f07879ebb657_JaffaCakes118
-
Size
719KB
-
Sample
241016-h815naygle
-
MD5
4be804e4b7951b7febc1f07879ebb657
-
SHA1
3c2b5ffe474fa495a9d0fdbb72e5a85842835b21
-
SHA256
c3763b46967e7dcddc738fa79b5341fd2e1f8b196f32ef7f3b6c187fd8de02a9
-
SHA512
d333c21a851a58dd81c0176f69a2c693271628b56c67b0654a594d07f63240197dc9d62a22c6fded1b45a95874c46126bf0b1eb85bdabec2e06308d84f05804f
-
SSDEEP
12288:6XgPVmsO7H+JeYkZQors8sEyMGXxeFlX4EEPSwDfAmgBJbf8AwnBrRm8dZ/X:AoZ3J78G2X4bEmCb+rRvZ/X
Static task
static1
Behavioral task
behavioral1
Sample
4be804e4b7951b7febc1f07879ebb657_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
4be804e4b7951b7febc1f07879ebb657_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
4be804e4b7951b7febc1f07879ebb657_JaffaCakes118
-
Size
719KB
-
MD5
4be804e4b7951b7febc1f07879ebb657
-
SHA1
3c2b5ffe474fa495a9d0fdbb72e5a85842835b21
-
SHA256
c3763b46967e7dcddc738fa79b5341fd2e1f8b196f32ef7f3b6c187fd8de02a9
-
SHA512
d333c21a851a58dd81c0176f69a2c693271628b56c67b0654a594d07f63240197dc9d62a22c6fded1b45a95874c46126bf0b1eb85bdabec2e06308d84f05804f
-
SSDEEP
12288:6XgPVmsO7H+JeYkZQors8sEyMGXxeFlX4EEPSwDfAmgBJbf8AwnBrRm8dZ/X:AoZ3J78G2X4bEmCb+rRvZ/X
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1