General

  • Target

    80828eb47e291be6d463edf3f7a88e95_JaffaCakes118

  • Size

    653KB

  • Sample

    241030-21jp7ashme

  • MD5

    80828eb47e291be6d463edf3f7a88e95

  • SHA1

    88cd37807840b9200c950db176cf04d8daaa9839

  • SHA256

    f5d35f53155706ec4493f30f3fe222f6166c5fad0f287e7707c1ac7c1ea7b407

  • SHA512

    4ef278b28b82c317594930dfd73238dc979d45b24b5927af866a5026d0b2171810e42dfc3211411b6c67d230a362258c91754d1d5a2c7924c96eff01178266c3

  • SSDEEP

    12288:r7FFqmbu5awoIa7spYJ2OmE+XneIfs4tbAAFTI1c2obY7UtJSQROk7mFGp:h65MJspYgbjXeIHtbrTaocgtncNGp

Malware Config

Targets

    • Target

      80828eb47e291be6d463edf3f7a88e95_JaffaCakes118

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • ModiLoader Second Stage

    • Deletes itself

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks