General
-
Target
9efbeae5102be8462b57c303bc7009a9_JaffaCakes118
-
Size
441KB
-
Sample
241126-bjx85swlh1
-
MD5
9efbeae5102be8462b57c303bc7009a9
-
SHA1
d2236eb82a4f9f8638982c933af190a791969a6d
-
SHA256
be1960af87c436e2e6fd29b0bba67b81534b79240e0014f8391175ee46ddf466
-
SHA512
c4c53a175595cfbd10db30f65648665fc84cd2a4dddaab836e7d9b38536b10dea6cd71272e28fee30393f1ef119687a29edc1d465563c4c08495d397578a3eb6
-
SSDEEP
12288:1+4X41tureITLfH7FnQZMNNYwe3rivrIIREsS3O2/oOgw6o:7XqY/3PBowe3ricIREsOO2lgxo
Malware Config
Targets
-
-
Target
9efbeae5102be8462b57c303bc7009a9_JaffaCakes118
-
Size
441KB
-
MD5
9efbeae5102be8462b57c303bc7009a9
-
SHA1
d2236eb82a4f9f8638982c933af190a791969a6d
-
SHA256
be1960af87c436e2e6fd29b0bba67b81534b79240e0014f8391175ee46ddf466
-
SHA512
c4c53a175595cfbd10db30f65648665fc84cd2a4dddaab836e7d9b38536b10dea6cd71272e28fee30393f1ef119687a29edc1d465563c4c08495d397578a3eb6
-
SSDEEP
12288:1+4X41tureITLfH7FnQZMNNYwe3rivrIIREsS3O2/oOgw6o:7XqY/3PBowe3ricIREsOO2lgxo
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modifies WinLogon for persistence
-
Modiloader family
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1