General

  • Target

    942f2e2a4446cfd70a4244cd223b56c4_JaffaCakes118

  • Size

    4.9MB

  • Sample

    240604-khxqnaba3v

  • MD5

    942f2e2a4446cfd70a4244cd223b56c4

  • SHA1

    14faf4f53f27c44b504de73a2836b391cc6d2617

  • SHA256

    e9e96bfcecf2f4fdc536cb0e8b1b2a08cb660f4b73a87099deeb7cbf0cb62210

  • SHA512

    a0644fff674365a2a79076647adfec9d58aebe5e58cb9ff1b8392430a7902b1b3731019ffac0a037ddf90f22071529b6f9aac22a3f2ee6a7021ada4960532c00

  • SSDEEP

    98304:cpEC9dCddyqAbQTnKNaLRiv1vtknr5RdMk8h4aMesIqcdoB+UHaTIU:cpZ9kddhAbyKNxtv2rrdd867erxdoBho

Score: 10/10

Malware Config

Targets

    • Target

      access.dat

    • Size

      52KB

    • MD5

      68557856c6851353c1578b7cb5b4e71e

    • SHA1

      53596c8a185143fca8cb3890155369b6495aebad

    • SHA256

      e62eea6b342443b075fe1cedebf2eba82448524197abce17263d2d00cc0aed61

    • SHA512

      f84e7a169c0b52be5d261d2e6c49b030443760b82a3e3437e1281c7f98d46345f8519309471f97dc80aa42d7d18ba4b8e80d07681c48ead0ef26e5732eb3f24b

    • SSDEEP

      384:BXzN3gJdY59tTulkbETxYJx6y2DfiqoYBUcz837yI4h9lxovS1fJuUIiho38o8OP:BjmwTulXtEOfZBe7kHovsJI38od54

    Score: 1/10

    • Target

      l2c.exe

    • Size

      9.5MB

    • MD5

      de62c328c41a5001cf64d9211d86b521

    • SHA1

      be7ccc7eaf87513a4042572f070fe2d0a400a044

    • SHA256

      fa6689da04dca6a996abc167acfdb85e7b4e16cd70cf24f6e2b0b6f5a80e40a8

    • SHA512

      1599aac2b0a4a7275f9785832a33e33c08557cbc199d98f9c095e51ca6b1172930a88a848a482de74fa878cb751a2ba07563f24478251191fc64cab4e9f1a25c

    • SSDEEP

      98304:BmGVKzTGQfyx5BAAYQhN/P732eAbipaQDOZc/nESQ8HzNQo:4GcyxvdGeAboM8HK

    Score: 10/10

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader First Stage

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      l2cserv.exe

    • Size

      259KB

    • MD5

      732f7f538e489b35dd7cc423e92734f5

    • SHA1

      4520009153dfddf4c5c6ba5a0770e7209ecf5ed1

    • SHA256

      ca729340425501bc860d94fea586836205ff2aa5ab8d045a3c14c6b53c80f869

    • SHA512

      9f09ca5372b304ec693d7ae7965da9729cdd81c6925256a108d82b6e9fdc5396438c0d9d6b49f40cf57671880a098bc2c1d6a0dcdbf89ff7cfe610862cd60995

    • SSDEEP

      6144:/+XxGlvGkOlsAmNUrwG1xB9Yko6Nv9fJvAcc:/+haO3g+rw8c6NvbYc

    Score: 10/10

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader First Stage

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      l2net.exe

    • Size

      248KB

    • MD5

      2dde664edfcb9c52c0b4d74b5a4f7792

    • SHA1

      80f34dff2ae3b5e3deaf709f290d4ea1da29815c

    • SHA256

      7c700c7b2e11ad43127fbce2ca4ed318a17c3d18660f01ac72eb64aa2e61917d

    • SHA512

      a7e539fcf3fdc41934f10061fd194d41e88e7d33346eb9626dda1f0bdd81d9034918284cd30f3c43410209d2abfcaac0c85861155913363d18af39f52ebb0410

    • SSDEEP

      6144:kiit/rw07BjdFdp7I3so9RfPpEFMq8Qj001S:krt/Rnny8OZEr8yXs

    Score: 10/10

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader First Stage

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      l2update.exe

    • Size

      180KB

    • MD5

      662191bd40429bf0795ac9221ded4d05

    • SHA1

      58da8cae0266631ee66c6979a2cb52c664cd2bb1

    • SHA256

      53ff9e6f64b0372aaff6647b6bec6c88dd0d40f95e3faae3c9ad498c161c6345

    • SHA512

      d04b0ccf934fdc02cc3747255403dd516fc8e1f4b970ef80aa6ed8fc415aab66f9465c7659405fb70453389f33419d3dda0791fac747ff59b4ee00d9f724205a

    • SSDEEP

      3072:0DwoNyALb23QAzrED1DAEFWDTOa5+vL+FFZAJLGsTrnTaY9/PFZGr0u7NKvS8tY:WNyALa3rEtxFZasLG02Ik0KUi

    Score: 7/10

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      proc.dll

    • Size

      462KB

    • MD5

      6aac836bde08d9c6fee6c91cc1ac631f

    • SHA1

      b10817a68208bbeb22172afcd40227a35cee4cda

    • SHA256

      f9d9b9d36c6077f75f86343fcd4cddb1dc4965d42c77e19f60e2515f97e7571b

    • SHA512

      d9901d553bdf0acb92ed0b92bd14ec4f9d11e7ffeb534ae4fe664e14bfe917d2434f09e945c07bdc0b4da0dc13cb65829c7f066ee6d87452ba5bbbcdf900a1b4

    • SSDEEP

      6144:HEKrFfU19u5mbwAKKzqMmrDmM6GBCpBns2OJBCQf3rt63AQ49VYDQxc/D:HEKlGu5mk/KzqMmr91p2ECQfw3CVYHD

    Score: 3/10

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic     | Technique                      | ID    | Count
  -----------|--------------------------------|-------|------
  Discovery  | Query Registry                 | T1012 | 1
  Discovery  | System Information Discovery   | T1082 | 2

Tasks