General
-
Target
c350fa828c91aad3d58b891fb0be2a22_JaffaCakes118
-
Size
173KB
-
Sample
241204-tj19xawkdq
-
MD5
c350fa828c91aad3d58b891fb0be2a22
-
SHA1
00cf7b3ca77056322b4004f78b053465c4fc39c8
-
SHA256
e8261db9b6411dcf2c129312e9403c2d2e65530b231f26c1ed23df2d9c45a191
-
SHA512
4870ca22a21e97b1e64028dd9cae7a7f9d64f507921a1c2aabb487b43912a9a0004112dbbe08a72880be2f088c35ff96b264fc4aefe855ef1a2bd2b519678dbe
-
SSDEEP
3072:ytDulZKksFzZjDDeqCe5ToU21kkH2ip0KuPk2afiMpltkrkbtNLWGtdem:y6KksVrIU2ykH2ipsPnafFlerkb3LrtF
Malware Config
Targets
-
-
Target
c350fa828c91aad3d58b891fb0be2a22_JaffaCakes118
-
Size
173KB
-
MD5
c350fa828c91aad3d58b891fb0be2a22
-
SHA1
00cf7b3ca77056322b4004f78b053465c4fc39c8
-
SHA256
e8261db9b6411dcf2c129312e9403c2d2e65530b231f26c1ed23df2d9c45a191
-
SHA512
4870ca22a21e97b1e64028dd9cae7a7f9d64f507921a1c2aabb487b43912a9a0004112dbbe08a72880be2f088c35ff96b264fc4aefe855ef1a2bd2b519678dbe
-
SSDEEP
3072:ytDulZKksFzZjDDeqCe5ToU21kkH2ip0KuPk2afiMpltkrkbtNLWGtdem:y6KksVrIU2ykH2ipsPnafFlerkb3LrtF
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modifies WinLogon for persistence
-
Modiloader family
-
ModiLoader Second Stage
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1