General
-
Target
e9398172ed43830119acfa9cace4305f_JaffaCakes118
-
Size
719KB
-
Sample
241213-bvmlsatqfv
-
MD5
e9398172ed43830119acfa9cace4305f
-
SHA1
0cef44868d926773f72aff7bf7b63bb607148b17
-
SHA256
a9b65cc2e810961c34de6d4806cd8e235eb21e54bb561c8323809c1914468517
-
SHA512
a25b2ed44c2f368a7beaa2b3b9699b0fe0863a2ce912358bdca23782dcbc70c3a38f9e62ab4a486fe83ecedc34b55b9e504a866d0fbc04cd14a93a760fec8231
-
SSDEEP
12288:6XgPVmsO7H+JeYkZQors8sEyMGXxeHlX4EEPSwDfAmgBJbf8AwnBrRm8dZ/X:AoZ3J78GkX4bEmCb+rRvZ/X
Malware Config
Targets
-
-
Target
e9398172ed43830119acfa9cace4305f_JaffaCakes118
-
Size
719KB
-
MD5
e9398172ed43830119acfa9cace4305f
-
SHA1
0cef44868d926773f72aff7bf7b63bb607148b17
-
SHA256
a9b65cc2e810961c34de6d4806cd8e235eb21e54bb561c8323809c1914468517
-
SHA512
a25b2ed44c2f368a7beaa2b3b9699b0fe0863a2ce912358bdca23782dcbc70c3a38f9e62ab4a486fe83ecedc34b55b9e504a866d0fbc04cd14a93a760fec8231
-
SSDEEP
12288:6XgPVmsO7H+JeYkZQors8sEyMGXxeHlX4EEPSwDfAmgBJbf8AwnBrRm8dZ/X:AoZ3J78GkX4bEmCb+rRvZ/X
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1