General

  • Target

    JaffaCakes118_26a466c14f61d76653351d93579c3e5fc080a89a9366737fdd8a94c651585b04

  • Size

    445KB

  • Sample

    241224-lsxzvavjfj

  • MD5

    7ebbdef5af6618ee352c0da6e528e8d3

  • SHA1

    05757db45d208e25c7703d0a3eaad3a119d238b7

  • SHA256

    26a466c14f61d76653351d93579c3e5fc080a89a9366737fdd8a94c651585b04

  • SHA512

    5921073167ffe447a45bf156484a1645d91c56047b12bde002f89de708bc3d15897383636c4ba652062fa02856c00b9c0f8d4e4943e3caa135a52e32c2ffe88e

  • SSDEEP

    6144:hQ4a9fgDnQVvH+pZk2DgvdCOPo2d3TKGSIL1EU6u/HQa/rdQbYDspalXyd45hgo6:e4ggDnbpy26ZhKGSIqU6kxQIOaxNLsF

Malware Config

Extracted

Family

modiloader

C2

https://cdn.discordapp.com/attachments/751870937779011659/768357832487206942/Mqsyyyy

Targets

    • Target

      copia scansione slip.bin

    • Size

      1.0MB

    • MD5

      d60b5172ece08495a237ee03bc04a53c

    • SHA1

      d46891a8cf0e7c99508a25c9b8bf8bcd6b795634

    • SHA256

      b2f388545f7efd0d368fdb41b7e424f3eb5336311cfa9cbdf2567464000c2c22

    • SHA512

      219c11ca6991bdf7f1bd9c990d38f5d4987577a9fe2358152807d3ebf1469b3e871da0c15f2221829a14d0ca423eb033c40314dd7e6e1de2c34b1735f5a5e058

    • SSDEEP

      12288:QhVKeF40BRicbRToD1whMmvlThTD3mG91gX2jU6v84fMsdF6sgDlO:QhU0RicG6b9T17mG9uX2N8DkF6pDo

    • ModiLoader, DBatLoader

ModiLoader (also tracked as DBatLoader) is a Delphi-based first-stage loader that abuses legitimate cloud file-hosting services to fetch and run its next-stage payload, which belongs to a different malware family.

    • Modiloader family

    • ModiLoader First Stage

    • Legitimate hosting services abused for malware hosting/C2
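The two signatures above say the same thing from different angles: the extracted C2 is not attacker infrastructure but a file on a legitimate CDN. A practical triage step is to run every URL pulled from a config through a small classifier that flags abused hosting services and, for Discord attachment links, pulls out the channel and attachment IDs and the upload time embedded in the attachment snowflake. The following is an added example written for this page, not code from the sandbox or from the ModiLoader analysis; the first sample URL is the C2 from the extracted config above, the other two are constructed for contrast, the list of abused hosts beyond cdn.discordapp.com is an assumption to tune for your environment, and the snowflake epoch is Discord's documented constant.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional
from urllib.parse import urlparse

# Constructed input: the first URL is the C2 from the extracted config above; the
# other two are made up here for contrast and do not appear in the report.
SAMPLE_URLS = [
    "https://cdn.discordapp.com/attachments/751870937779011659/768357832487206942/Mqsyyyy",
    "https://example.invalid/update/stage2.bin",
    "https://cdn.discordapp.com/favicon.ico",
]

# Hosts of legitimate services whose file hosting is commonly abused by loaders.
# Only cdn.discordapp.com is attested by this report; the rest of the list is an
# assumption and should be tuned to what you actually see in your configs.
ABUSED_HOSTS = {
    "cdn.discordapp.com": "Discord CDN",
    "media.discordapp.net": "Discord CDN",
}

# Discord attachment paths are /attachments/<channel_id>/<attachment_id>/<filename>.
ATTACHMENT_RE = re.compile(r"^/attachments/(\d+)/(\d+)/([^/]+)$")

# Discord snowflake IDs embed a millisecond timestamp relative to 2015-01-01 UTC.
DISCORD_EPOCH_MS = 1420070400000


@dataclass
class Indicator:
    url: str
    service: str
    channel_id: Optional[str]
    attachment_id: Optional[str]
    filename: Optional[str]
    uploaded_at: Optional[datetime]


def snowflake_time(snowflake: str) -> datetime:
    """Recover the generation time embedded in a Discord snowflake ID."""
    ms = (int(snowflake) >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)


def classify(url: str) -> Optional[Indicator]:
    """Return an Indicator if the URL points at an abused hosting service, else None."""
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    service = ABUSED_HOSTS.get(host)
    if service is None:
        return None
    m = ATTACHMENT_RE.match(parts.path)
    if not m:
        # Right host but not an attachment path: still worth a look, but nothing to extract.
        return Indicator(url, service, None, None, None, None)
    channel_id, attachment_id, filename = m.groups()
    return Indicator(url, service, channel_id, attachment_id, filename,
                     snowflake_time(attachment_id))


def scan(urls: List[str]) -> List[Indicator]:
    """Filter a list of extracted C2/download URLs down to abused-hosting indicators."""
    return [ind for ind in (classify(u) for u in urls) if ind is not None]


if __name__ == "__main__":
    for ind in scan(SAMPLE_URLS):
        print(f"{ind.service}: {ind.url}")
        if ind.attachment_id:
            print(f"  channel={ind.channel_id} attachment={ind.attachment_id} "
                  f"file={ind.filename} uploaded={ind.uploaded_at:%Y-%m-%d %H:%M UTC}")
```

The upload time is when the attachment was posted to Discord, not when the sample was built or submitted, so treat it as a lower bound on the campaign's age. Discord attachment links are now served with signed expiry parameters, so a bare link of this form is unlikely to still download; the channel and attachment IDs remain useful for pivoting across samples and for abuse reports.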

MITRE ATT&CK Enterprise v15

Tasks