General

  • Target

    00b0f2a6e491fe0215b19a0037dbed36_JaffaCakes118

  • Size

    481KB

  • Sample

    240619-1nsxnaxfkn

  • MD5

    00b0f2a6e491fe0215b19a0037dbed36

  • SHA1

    0744ae66e734d9f7e642960df5fbcddfc3d636ed

  • SHA256

    f051f15c5c975891df9dad69444ff66f0a45cdc5bd19ec16be1aa8d4075f0ceb

  • SHA512

    570eef6e604a2277b59cfdb835f4840e333fdd812c5c79e28fda5216488783595dfb74f140c10f89a40d2c75d0e3c379bd95a61be81b52668e95a6cd618ff3fb

  • SSDEEP

    12288:UJ4kS6ROujO+a/kq1bpvgcrQ0pgjCVkUZbOebJJvH/:JPkhy+a/kqlWczgjCVkU9OUJvH/

Targets

    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a Delphi-written loader that abuses legitimate cloud file-hosting services to stage and download additional malware families.

    • UAC bypass

    • ModiLoader Second Stage

    • Checks BIOS information in registry

      BIOS vendor/version and system manufacturer/product strings (stored under HKLM\HARDWARE\DESCRIPTION\System\BIOS) are often read to detect virtualised sandbox environments, where these values name the hypervisor rather than a physical hardware vendor.

    • Loads dropped DLL

    • Checks whether UAC is enabled

      Commonly done by reading the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System; a value of 0 means UAC is off and no bypass is needed.

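The two registry-based checks above (BIOS identity values for sandbox detection, the UAC policy value) leave a distinctive trace in registry-access telemetry. The following detector is an added example, not part of the sandbox report and not code from the sample: it scans Procmon-style registry events and flags reads of the BIOS key and of EnableLUA, tagging each hit with the ATT&CK IDs the report's matrix uses. The log lines are constructed for this example (the report does not list which values the sample actually read); the key paths are the standard Windows locations; the VM marker list is illustrative.

```python
"""
Added example: flag registry reads that fingerprint the environment (BIOS
identity values) or probe the UAC policy (EnableLUA) in Procmon-style
registry events. Constructed input; standard Windows registry paths.
"""
from dataclasses import dataclass

# Real Windows registry locations for the values the report's signatures describe.
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System\BIOS"
UAC_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
UAC_VALUE = "EnableLUA"

# Vendor strings typically returned by hypervisor BIOS tables. Assumption:
# a sample reading BIOS values and matching strings like these is detecting
# a sandbox; the list is illustrative, not exhaustive.
VM_MARKERS = ("vmware", "virtualbox", "vbox", "qemu", "xen", "hyper-v",
              "kvm", "bochs", "parallels")


@dataclass(frozen=True)
class Finding:
    pid: int
    image: str
    path: str
    technique: str   # ATT&CK ID, matching the IDs in the report matrix
    reason: str


# Constructed Procmon-like CSV export: time,process,pid,operation,path,result,detail
SAMPLE_LOG = """\
12:00:01.100,00b0f2a6e491fe0215b19a0037dbed36_JaffaCakes118.exe,4120,RegOpenKey,HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS,SUCCESS,Desired Access: Read
12:00:01.101,00b0f2a6e491fe0215b19a0037dbed36_JaffaCakes118.exe,4120,RegQueryValue,HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemManufacturer,SUCCESS,Type: REG_SZ Data: VMware, Inc.
12:00:01.102,00b0f2a6e491fe0215b19a0037dbed36_JaffaCakes118.exe,4120,RegQueryValue,HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemProductName,SUCCESS,Type: REG_SZ Data: VMware Virtual Platform
12:00:01.300,00b0f2a6e491fe0215b19a0037dbed36_JaffaCakes118.exe,4120,RegQueryValue,HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA,SUCCESS,Type: REG_DWORD Data: 1
12:00:02.000,explorer.exe,1524,RegQueryValue,HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden,SUCCESS,Type: REG_DWORD Data: 1
"""


def _data_field(detail: str) -> str:
    """Return the lower-cased 'Data:' portion of a Procmon detail column, or ''."""
    return detail.split("Data:", 1)[1].strip().lower() if "Data:" in detail else ""


def analyze(log_text: str) -> list[Finding]:
    """Walk the events and return one Finding per BIOS or EnableLUA read."""
    findings: list[Finding] = []
    uac_path = (UAC_KEY + "\\" + UAC_VALUE).lower()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        # maxsplit=6 keeps commas inside the free-text detail column intact
        # (e.g. "VMware, Inc.").
        _time, image, pid, op, path, _result, detail = line.split(",", 6)
        p = path.lower()
        if op in ("RegOpenKey", "RegQueryValue") and p.startswith(BIOS_KEY.lower()):
            marker = next((m for m in VM_MARKERS if m in _data_field(detail)), None)
            reason = "reads BIOS identity value"
            if marker:
                reason += f" (VM marker: {marker})"
            # System Information Discovery via the registry (T1082 / T1012).
            findings.append(Finding(int(pid), image, path, "T1082", reason))
        elif op == "RegQueryValue" and p == uac_path:
            # Query Registry (T1012); a precursor to a UAC bypass (T1548.002).
            findings.append(Finding(int(pid), image, path, "T1012",
                                    "checks whether UAC is enabled (EnableLUA)"))
    return findings


def techniques(log_text: str) -> list[str]:
    """Sorted, de-duplicated ATT&CK IDs observed in the log."""
    return sorted({f.technique for f in analyze(log_text)})


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.pid} {f.image} {f.technique} {f.path} :: {f.reason}")
    print("techniques:", techniques(SAMPLE_LOG))
```

A read of the BIOS key alone is not malicious (inventory agents do it too); what makes it a useful detection is the combination seen here, BIOS fingerprinting followed by an EnableLUA probe from the same unsigned, freshly written process, which is why the findings carry the PID and image name for correlation.
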
MITRE ATT&CK Matrix (ATT&CK v13)

Numbers give how many detected behaviours map to each technique.

  • Privilege Escalation

    Abuse Elevation Control Mechanism (T1548): 1
      Bypass User Account Control (T1548.002): 1

  • Defense Evasion

    Abuse Elevation Control Mechanism (T1548): 1
      Bypass User Account Control (T1548.002): 1
    Impair Defenses (T1562): 1
      Disable or Modify Tools (T1562.001): 1
    Modify Registry (T1112): 2

  • Discovery

    Query Registry (T1012): 3
    System Information Discovery (T1082): 4

Tasks