General
Target: f202bf634484e0cb9c3b9f92170e4a9c_JaffaCakes118
Size: 748KB
Sample: 241215-dnwxzssld1
MD5: f202bf634484e0cb9c3b9f92170e4a9c
SHA1: a3369e0d10839cd0709f8f86ebacc24574a85dcb
SHA256: 2df20f4c1df335e0d97e92a6c2b5e9d5f927ec55fc2c31490f7f025d0ebb2936
SHA512: 105e560172f0a6e7b9219d21ae879137f8a244fcaf6340e5adba1f9f2bda94893e0e15a5cbb5c51125e81e62d346a56a98ee5765201c90ee2022f5036e3ae98a
SSDEEP: 12288:a4uS9dPsdgcpSoFv9gH9/sCaKSc9D1gtje5UkxX4PROZ32h1Jkk7w3y909:aPE2SYvWHxHf59xgtje5resGjJD7w3yW

Static task: static1

Behavioral task: behavioral1
Sample: f202bf634484e0cb9c3b9f92170e4a9c_JaffaCakes118.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: f202bf634484e0cb9c3b9f92170e4a9c_JaffaCakes118.exe
Resource: win10v2004-20241007-en
Malware Config

Targets
Target: f202bf634484e0cb9c3b9f92170e4a9c_JaffaCakes118

- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Modiloader family
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
- Adds Run key to start application

MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (4)
    Credentials In Files (4)