General

  • Target

    812910d24e02ca6148329467d312b9d8_JaffaCakes118

  • Size

    15KB

  • Sample

    241031-cpmv2axejq

  • MD5

    812910d24e02ca6148329467d312b9d8

  • SHA1

    d687f964af84a2faa14944eb16bc1e8de5517d70

  • SHA256

    11bc0354de82a6f239dd747ed076ccc6c79744273d6f84909e7bff944a3d221b

  • SHA512

    d8f3c93150ae2eed370a9709034ab8dccb943d0bf2eb63a2f23ffcd5cffb0f2dd4a2a302750f48a8012eb92f962a36fae68e810d0b94245c42a06bad11cebeb5

  • SSDEEP

    384:Cy2GE954szZ3QYNTvq0lzwDtJcq3PTu7JnYHbE+MFDGa2dRQ:D239G+Nvkkq3PTbHblU2dK

Targets

    • Target

      812910d24e02ca6148329467d312b9d8_JaffaCakes118

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • ModiLoader Second Stage

    • Deletes itself

    • Executes dropped EXE

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v15
