General

  • Target

    JaffaCakes118_6066c9bbba0020145bb7a3fde6e576e2

  • Size

    245KB

  • Sample

    250101-ytnh1stphn

  • MD5

    6066c9bbba0020145bb7a3fde6e576e2

  • SHA1

    1591569d535f954d88bf9eb035cad40b89762771

  • SHA256

    b4f5b3900af82785d0856347fc2f0ffc20923c7c7f06fdbd4d167301feda2f8d

  • SHA512

    de31d8280ebb3ec70f56aa3b58dec5654e48b98adb482840f8550c7b565a118d38d58dc8a43307a302d04401ff982850a7807d692229cb268797bfee5c604ad6

  • SSDEEP

    6144:0lvvkebURl/5ZcPkScd1iBHa6mwaeqzPmsP1:0NhURp5ZccfMJmw9q6g

Targets

    • Target

      JaffaCakes118_6066c9bbba0020145bb7a3fde6e576e2

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • ModiLoader Second Stage

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
