General

  • Target

    JaffaCakes118_2b029a5b9279fd3d0cb27a34af0a96fb

  • Size

    1.0MB

  • Sample

    250113-tlqaesxrd1

  • MD5

    2b029a5b9279fd3d0cb27a34af0a96fb

  • SHA1

    35552a28417d8f26aa842213d2eb40116c419bb0

  • SHA256

    abf0eaef698682a7279cfbedf6cadb8dfdc2e0f51f63c94f5eb5f81291eb53c2

  • SHA512

    ab0505dcf31436984de86633883af2f90e2367a28f4dcbfd0139b8bdcb42f5e9e3dcb77e1292fb74ad6437d6f3481921f21ca9bd6e47c20e98de0bd3b5594eb2

  • SSDEEP

    24576:pO0ve+O4RyOoxXoKZVbB9uuhFMof2Xq8gn0Mmyp+R2mS:p5edBxtZN3F5fSqK6k2mS

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • ModiLoader Second Stage

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks