General

  • Target

    9acc6ff628e85d8ef924207f99afb342_JaffaCakes118

  • Size

    152KB

  • Sample

    241125-l2w4xa1mat

  • MD5

    9acc6ff628e85d8ef924207f99afb342

  • SHA1

    0b06b6cd64ad5924950fb25f378c42fff6894c24

  • SHA256

    dbe55d46ca4d0b24e35dfe1057753922d46c994e5b0bfccb664cec7642976c05

  • SHA512

    5930f80edcab6ab5e2b3481a5acc269d174f662f037e9a281ec2d60545cb68af833ed58abb57fb8bdace4b0564323f8b571377af32d77f56a95c7a9565483492

  • SSDEEP

    1536:c1DMz1DQvXLq6t7awFONecenlLnQHIG5R9c73P600t:9eGw9A0rC00t

Malware Config

Targets

    • Target

      9acc6ff628e85d8ef924207f99afb342_JaffaCakes118

    • Size

      152KB

    • MD5

      9acc6ff628e85d8ef924207f99afb342

    • SHA1

      0b06b6cd64ad5924950fb25f378c42fff6894c24

    • SHA256

      dbe55d46ca4d0b24e35dfe1057753922d46c994e5b0bfccb664cec7642976c05

    • SHA512

      5930f80edcab6ab5e2b3481a5acc269d174f662f037e9a281ec2d60545cb68af833ed58abb57fb8bdace4b0564323f8b571377af32d77f56a95c7a9565483492

    • SSDEEP

      1536:c1DMz1DQvXLq6t7awFONecenlLnQHIG5R9c73P600t:9eGw9A0rC00t

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks