General

  • Target

    JaffaCakes118_e59e6e1081087847cb0b296e491b71d8

  • Size

    726KB

  • Sample

    250120-ng2j1awrhm

  • MD5

    e59e6e1081087847cb0b296e491b71d8

  • SHA1

    b35cc7dc10ebd75d46d6e66478f17107713a8eb0

  • SHA256

    6e341a169924d71f2451a4b76562a14e2d2bdad3d312af72eedbf90e3b7a40e7

  • SHA512

    4306ab6ec1b476529f682e6873cbe8bc4ac692d2c1268ea2893b4c3a8198125855251a1cc7e2837c677fdc6c50bb71e6f8e8a0f596ab88609eb9d0baf1287388

  • SSDEEP

    12288:hWdAfHjNYxUAWJONMzhzliQDL63eAQo7qDJFIh8UPJK4nDAc+uyT7tR7gGcv97xz:hli+JO2zdDEfQo7oI6K71Jyvngnxz

Malware Config

Targets

    • Target

      JaffaCakes118_e59e6e1081087847cb0b296e491b71d8

    • Size

      726KB

    • MD5

      e59e6e1081087847cb0b296e491b71d8

    • SHA1

      b35cc7dc10ebd75d46d6e66478f17107713a8eb0

    • SHA256

      6e341a169924d71f2451a4b76562a14e2d2bdad3d312af72eedbf90e3b7a40e7

    • SHA512

      4306ab6ec1b476529f682e6873cbe8bc4ac692d2c1268ea2893b4c3a8198125855251a1cc7e2837c677fdc6c50bb71e6f8e8a0f596ab88609eb9d0baf1287388

    • SSDEEP

      12288:hWdAfHjNYxUAWJONMzhzliQDL63eAQo7qDJFIh8UPJK4nDAc+uyT7tR7gGcv97xz:hli+JO2zdDEfQo7oI6K71Jyvngnxz

    • Score

      7/10

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      12KB

    • MD5

      4c7d97d0786ff08b20d0e8315b5fc3cb

    • SHA1

      bb6f475e867b2bf55e4cd214bd4ef68e26d70f6c

    • SHA256

      75e20f4c5eb00e9e5cb610273023e9d2c36392fa3b664c264b736c7cc2d1ac84

    • SHA512

      f37093fd5cdda74d8f7376c60a05b442f884e9d370347c7c39d84eca88f23fbea6221da2e57197acd78c817a74703c49fb28b89d41c3e34817cc9301b0b6485a

    • SSDEEP

      192:6KdqJ4Bhf1mdCMI26t510swClJOeFIsm7F1QuPs:6KdE4zAddwR0swqOeFxu

    • Score

      3/10

    • Target

      $PLUGINSDIR/StartMenu.dll

    • Size

      6KB

    • MD5

      388c408cff35a38d04e3cda18f63af07

    • SHA1

      9c2aa2ed8b526ace4267acbcf5648b2601019ac4

    • SHA256

      4f945ad53b7aa8ed516b2f58c2ed9f15c13bbdf0e489d71c7347b80583cee5fd

    • SHA512

      542292d61ff209f6c98c62ebad549024611a7d42fb951f8cc211b886f0d202d5e0da3b754c84c8a00043c748ed527351fc524357412cf88875e6bf729cbba46f

    • SSDEEP

      96:MFJsQxcnqakqeStS6+NMKQwECv0nGhFZxTxZ05hU/61:C9xcnqakCN+N9n0na1K5y61

    • Score

      3/10

    • Target

      AIPR.exe

    • Size

      619KB

    • MD5

      fa2cd2d664fe3f39f906c1a08c39d2f0

    • SHA1

      dc420b5fe928fc50ce40700c013c72b2be4b1eb6

    • SHA256

      6c69521f736b5fbe7b61dafd872eb7eef16b47e07c7ac2953eaa098ed02ebdc8

    • SHA512

      20cb3e3f1fce0c63b7c5d2a23fa0f9f9f58f0d599f14ee3e6c934f54b32e61fafd5063f2f7473e07e3c2d2bdecbdd54bfbfca6731bb22386293837bb732ba400

    • SSDEEP

      12288:ByQo2YxUATJONqzhzlKQDL6PeAJo7qDhVZTZ9/+Ac+utTrO40Xy400:4rJOkz1DqfJo7QVZN9/CJtXO4i00

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • ModiLoader First Stage

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      aipr.chm

    • Size

      72KB

    • MD5

      b20c33a2ea94ea2283d3d46c5717ad1d

    • SHA1

      e7731c44df2836d4ff09c764588b04e9b1f90030

    • SHA256

      7d81b54340949294e6a6947f4ebc0383e865d39ae54887ea65b68606cd5da97a

    • SHA512

      688c516e19f5db5e08b4e57ba18f72aaabc0d5c60d0927f0e09cffda601f2d933b1c6e5e937c6a8aa7b5dc74f18d5f98142d0df87fd77503040385bc05615f78

    • SSDEEP

      1536:anSR+Yvhz1f0b2IqQ6AuxYcOe6WzukBlWUFbfjqJ9:aSTZz1cYhj5OeHCkBlWSnqJ9

    • Score

      1/10

    • Target

      uninst.exe

    • Size

      35KB

    • MD5

      9331b82efd50c1085b8b01a34a4ff6ff

    • SHA1

      de8d2e8dff020e724171c08ddaaff1554ab404c1

    • SHA256

      f5ff33f631031a3995edad59bed55902032192c65ea3d6123ed47ea60fcee4f4

    • SHA512

      e00ee2395e8cb48c7554c604a14f1cdf9830d3930c580c0d482e7bc965f953828383e182b86a06263f1946883e6d8ec6f52199218bba22cbb8b06e2309d098ce

    • SSDEEP

      768:ZFe0D3XjRal6bOS90v2iMrTxRX0I666Sr2ZvMjBtL3MBJREAMa:Te0DnjRrJav2FnUIRr2vMYBJREAJ

    • Score

      7/10

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks