General

  • Target

    b68895fafc74a0af8638a3cf9031b4cf_JaffaCakes118

  • Size

    271KB

  • Sample

    240617-dxckpssale

  • MD5

    b68895fafc74a0af8638a3cf9031b4cf

  • SHA1

    26021c4cc8f937860e4de3915f914f211250166c

  • SHA256

    e08cb3abb375fa302d406352c370e563d59d2d7cf382afb9f8c3c1a6f8d8deda

  • SHA512

    15d0e3ac76aff4bd7cc2f3bc05706ecd18744d7ff288ad768dc4c17f7a15a5489d612b8bea0f0490707a1900d13af92d6aa63afe8dea32929a2f043102cc7551

  • SSDEEP

    6144:aG377xS2Vp2CeiorXhwTBO153LpcCJJvH:Jr7xS2Vp6FwTCbJJvH

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks