Overview

overview

10

Static

static

3

00129112fc...18.exe

windows7-x64

10

00129112fc...18.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    00129112fcc4ed40a3d1610fe45b321f_JaffaCakes118

  • Size

    276KB

  • Sample

    240619-xpff6s1hql

  • MD5

    00129112fcc4ed40a3d1610fe45b321f

  • SHA1

    fc362343bfd60b0e4c0cc3d469583bd00da7c333

  • SHA256

    45165b43c40d3e82e31498aff22b758655b551b591cf1c694830441d5fe587bc

  • SHA512

    e697dce6c5224b6f6c9a44ae040c357e0329d0e5f130d1f57e8303746b4d4038891c163da0ce30fa367ec6f7356d737ec15f58d06aba467576c4ccd4bf9d0f8b

  • SSDEEP

    6144:hAw6aRtH00JkxR2OTDLgewWSVTeU2lNhjH96PmEtTJG:h3fkDLge3ST52l/j96PRTU

Score
10/10
modiloaderevasiontrojan

Malware Config

Targets

    • Target

      00129112fcc4ed40a3d1610fe45b321f_JaffaCakes118

    • Size

      276KB

    • MD5

      00129112fcc4ed40a3d1610fe45b321f

    • SHA1

      fc362343bfd60b0e4c0cc3d469583bd00da7c333

    • SHA256

      45165b43c40d3e82e31498aff22b758655b551b591cf1c694830441d5fe587bc

    • SHA512

      e697dce6c5224b6f6c9a44ae040c357e0329d0e5f130d1f57e8303746b4d4038891c163da0ce30fa367ec6f7356d737ec15f58d06aba467576c4ccd4bf9d0f8b

    • SSDEEP

      6144:hAw6aRtH00JkxR2OTDLgewWSVTeU2lNhjH96PmEtTJG:h3fkDLge3ST52l/j96PRTU

    Score
    10/10
    modiloaderevasiontrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • UAC bypass

      evasiontrojan

    • ModiLoader Second Stage

    • Loads dropped DLL

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

1
T1562

Disable or Modify Tools

1
T1562.001

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks