General
-
Target
8362054cc34c6b20627a56665dcb1caa_JaffaCakes118
-
Size
569KB
-
Sample
241031-scfh7azgra
-
MD5
8362054cc34c6b20627a56665dcb1caa
-
SHA1
3400c67bdb9a15f87cfbe5b6a672b16563670ca8
-
SHA256
ea173934e0e5bb84d2ebc43682c8204ff2181887482116d1a0d562e2f1662ee6
-
SHA512
d33b4e48437b2130aa734dc7e3a8f69c891acfed92cfdf7590a216b768f563577afdc08192f77deda8b0dacc90c0bae4fd0361c6a3015b80c49ab50f2f8cccca
-
SSDEEP
12288:xHrR5fanmZbi/gj3CRwRfFxTUeaAF3Z4mxxFyGd3YAqD7at6IK2g6x35c70Cy:xHXanmZbi4j3gM9xTUzAQmXkGlHa7Q/L
Malware Config
Targets
-
-
Target
8362054cc34c6b20627a56665dcb1caa_JaffaCakes118
-
Size
569KB
-
MD5
8362054cc34c6b20627a56665dcb1caa
-
SHA1
3400c67bdb9a15f87cfbe5b6a672b16563670ca8
-
SHA256
ea173934e0e5bb84d2ebc43682c8204ff2181887482116d1a0d562e2f1662ee6
-
SHA512
d33b4e48437b2130aa734dc7e3a8f69c891acfed92cfdf7590a216b768f563577afdc08192f77deda8b0dacc90c0bae4fd0361c6a3015b80c49ab50f2f8cccca
-
SSDEEP
12288:xHrR5fanmZbi/gj3CRwRfFxTUeaAF3Z4mxxFyGd3YAqD7at6IK2g6x35c70Cy:xHXanmZbi4j3gM9xTUzAQmXkGlHa7Q/L
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Server Software Component: Terminal Services DLL
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Server Software Component
1Terminal Services DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1