General

  • Target

    d013a12846f21ff7180705e466f9ae04_JaffaCakes118

  • Size

    610KB

  • Sample

    241207-b5gtaavmer

  • MD5

    d013a12846f21ff7180705e466f9ae04

  • SHA1

    d7dd9b939f28e9d673d4951f77ceb9f6e8ba7607

  • SHA256

    ce833267639ef730d084fd98e46cb6be064bd49756b4e0360705d7549c8e268e

  • SHA512

    aacc175e63c2149feab5b97083c2116283ab690d688a72e7cbbd374804b810305161057fd9ffdd22d633c0e624841aaf2eba260b895bf218c343769a2a216298

  • SSDEEP

    12288:LXm81sjZi4f7gqVMhux0H/D0YCbCJ63XtmySWoVYi9G:LXm8m9bT2TgjbkStdPoB9G
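Before spending analysis time on a file that is supposed to be this sample, confirm it is actually the same bytes the report describes. The script below is an added example, not part of the report: it computes the four cryptographic digests listed above (streaming the file so large samples are not loaded into memory) and compares them with the published values. SSDEEP is omitted because it needs the external ssdeep library; the SHA256 is the value to pivot on, MD5 and SHA1 are retained only for cross-referencing vendors that still key on them.

```python
import hashlib
import sys

# Digests published for this sample in the report above.
EXPECTED = {
    "md5": "d013a12846f21ff7180705e466f9ae04",
    "sha1": "d7dd9b939f28e9d673d4951f77ceb9f6e8ba7607",
    "sha256": "ce833267639ef730d084fd98e46cb6be064bd49756b4e0360705d7549c8e268e",
    "sha512": "aacc175e63c2149feab5b97083c2116283ab690d688a72e7cbbd374804b81030"
              "5161057fd9ffdd22d633c0e624841aaf2eba260b895bf218c343769a2a216298",
}
ALGOS = ("md5", "sha1", "sha256", "sha512")


def digest_bytes(data: bytes) -> dict:
    """Compute all four digests of an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hash objects at once so the sample is read only once."""
    hashes = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                break
            for h in hashes.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashes.items()}


def verify_sample(actual: dict, expected: dict = EXPECTED) -> dict:
    """Per-algorithm match flags; a partial match (e.g. MD5 only) means a different file and should be treated as a mismatch."""
    return {name: actual.get(name, "").lower() == expected[name].lower() for name in expected}


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-sample>
    result = verify_sample(digest_file(sys.argv[1]))
    for name, ok in result.items():
        print(f"{name:7s} {'MATCH' if ok else 'MISMATCH'}")
    sys.exit(0 if all(result.values()) else 1)
```

Any mismatch, even on a single algorithm, means the file on disk is not the object this report analysed; do not reuse the report's behavioural findings for it.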

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a Delphi-written loader that abuses legitimate cloud storage services to host and download its second-stage payloads, which belong to other malware families.

    • Modiloader family

    • ModiLoader Second Stage

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks