General

  • Target

    JaffaCakes118_18474dfac7776fa5b017b3e8ec8857aeea0be3f49340ee34fea5fc19a8fb5dc2

  • Size

    441KB

  • Sample

    241224-sjaarazqhq

  • MD5

    706a23d53aedc4d844b9a6637d6ac298

  • SHA1

    bad405bf77a2225fe131219bc5a1e1ac4c400bb0

  • SHA256

    18474dfac7776fa5b017b3e8ec8857aeea0be3f49340ee34fea5fc19a8fb5dc2

  • SHA512

    06fd3691e2c53d207eeba546cc0a312d00e8b52c7a4e9dadafbf86b731f5c98fa6d338971eb32fa6482e5dfb27a3715486299c6fc94a97af2cd933774d151d47

  • SSDEEP

    12288:p2JPTmvVGmqge/7mVVM7wwan4+YI8ppZTvztp7EBVfKqDQnj:sBme/78u79+YISHvz/Mfxsnj

Malware Config

Extracted

Family

modiloader

C2

https://cdn.discordapp.com/attachments/747123935576981508/770142837190033429/Tjwtaaa

Targets

    • Target

      Inv26619,pdf.exe

    • Size

      1.0MB

    • MD5

      fd9e9a423b59e4e4261163b9cf69df3f

    • SHA1

      280bc3a0c0f8ea0e9784830a4d85fa87549195f8

    • SHA256

      f1721957f855e471c1ed489ed14a6ac5d74b532c3dee995ecc8e022a12102546

    • SHA512

      42b71c54316a1c3ca908c18593161db1862faefbbfa69631008924319ea2c5d0f29e6252dfe78a357caf1f76516422dfbc876ced96d63b50c6eb31ce6b712dbe

    • SSDEEP

      12288:nVCTeZF541To2ztd5/IEAHqDPD3PDQnA/g07SVllMweV+8YZqckawUNlY7RA5aR:nVCCa1Rzt0EAHqf36EFAKlujY/

    • ModiLoader, DBatLoader

ModiLoader is a Delphi-written loader that abuses legitimate cloud hosting services (here a Discord CDN attachment URL) to fetch and run other malware families as its next stage.

    • Modiloader family

    • ModiLoader First Stage

    • Legitimate hosting services abused for malware hosting/C2
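The extracted C2 above is a Discord CDN attachment link, which is exactly the hosting abuse the last two signatures describe. The following is an added example and not part of this sandbox report: it parses such a URL into its channel and attachment IDs, decodes the attachment ID as a Discord Snowflake (the upper 42 bits are milliseconds since 2015-01-01T00:00:00Z, so the ID reveals when the payload was uploaded), and scans proxy-log lines for CDN attachment fetches made by a process that is neither a browser nor the Discord client. The log format, the log lines and the process allow-list are constructed assumptions to adapt to your own telemetry.

```python
"""Triage helper for ModiLoader-style abuse of Discord's CDN (added example)."""
import re
from datetime import datetime, timezone
from typing import Optional
from urllib.parse import urlparse

# C2 URL as extracted in the report above.
C2_URL = ("https://cdn.discordapp.com/attachments/"
          "747123935576981508/770142837190033429/Tjwtaaa")

# Discord IDs are Snowflakes: bits 22..63 hold milliseconds since the
# Discord epoch, 2015-01-01T00:00:00Z (1420070400000 ms after the Unix epoch).
DISCORD_EPOCH_MS = 1_420_070_400_000

ATTACHMENT_PATH = re.compile(
    r"^/attachments/(?P<channel>\d+)/(?P<attachment>\d+)/(?P<name>[^/?#]+)")

# Assumption: processes for which a Discord CDN fetch is expected on this estate.
ALLOWED_PROCESSES = {"discord.exe", "chrome.exe", "firefox.exe", "msedge.exe"}


def snowflake_to_unix_ms(snowflake: int) -> int:
    """Recover the creation time (Unix ms) embedded in a Discord Snowflake."""
    return (snowflake >> 22) + DISCORD_EPOCH_MS


def parse_discord_cdn_url(url: str) -> Optional[dict]:
    """Split a Discord CDN attachment URL into IDs, filename and upload time.

    Returns None for anything that is not an attachment on Discord's CDN hosts.
    """
    u = urlparse(url)
    if u.scheme not in ("http", "https"):
        return None
    if u.hostname not in ("cdn.discordapp.com", "media.discordapp.net"):
        return None
    m = ATTACHMENT_PATH.match(u.path)
    if not m:
        return None
    attachment_id = int(m["attachment"])
    uploaded_ms = snowflake_to_unix_ms(attachment_id)
    return {
        "channel_id": int(m["channel"]),
        "attachment_id": attachment_id,
        "filename": m["name"],
        "uploaded_ms": uploaded_ms,
        "uploaded_utc": datetime.fromtimestamp(
            uploaded_ms // 1000, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
    }


# Constructed proxy log (assumed format: timestamp client_ip process url status).
# The second line mirrors the report's target name fetching the extracted C2.
SAMPLE_PROXY_LOG = [
    "2024-12-24T18:02:11Z 10.0.0.23 Discord.exe "
    "https://cdn.discordapp.com/attachments/747123935576981508/770100000000000000/meme.png 200",
    "2024-12-24T18:02:40Z 10.0.0.23 Inv26619,pdf.exe " + C2_URL + " 200",
    "2024-12-24T18:03:05Z 10.0.0.41 chrome.exe https://example.org/index.html 200",
]


def find_suspicious_cdn_fetches(log_lines) -> list:
    """Flag Discord CDN attachment downloads by processes outside the allow-list."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line; skip rather than crash mid-scan
        ts, client, process, url, status = parts[:5]
        info = parse_discord_cdn_url(url)
        if info is None or process.lower() in ALLOWED_PROCESSES:
            continue
        hits.append({"ts": ts, "client": client, "process": process,
                     "status": status, **info})
    return hits


if __name__ == "__main__":
    print(parse_discord_cdn_url(C2_URL))
    for hit in find_suspicious_cdn_fetches(SAMPLE_PROXY_LOG):
        print("SUSPICIOUS:", hit)
```

The upload timestamp is useful for scoping: the extracted C2's attachment ID decodes to late October 2020, so a fetch of that same URL seen in recent telemetry is a known-bad download rather than a fresh upload, and the channel ID lets you pivot to any other attachments the same channel served. A filename with no extension, as here, is a further soft indicator worth surfacing in the alert.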

MITRE ATT&CK Enterprise v15