Overview

overview

10

Static

static

10

05a721f1a2...18.exe

windows7-x64

10

05a721f1a2...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    05a721f1a2c81ca505b7ac1c968b89ec_JaffaCakes118

  • Size

    96KB

  • Sample

    240620-ns4hqszbrq

  • MD5

    05a721f1a2c81ca505b7ac1c968b89ec

  • SHA1

    50ac99203449a968ec880fb6d296805189e49c7f

  • SHA256

    38f87cd2972d0d6bdfdcee1989ebf0aa262c41247feab6af4c00b8f9ee2dfa6c

  • SHA512

    1fa151ddc5f195e15b33670ca398055e5e4496f80c191aa55f7cd90e4e3e4bcffea983b01f3c4696bdbbfc11add52c2aa619b3a30ea5f9a76ab05c4d143b2529

  • SSDEEP

    1536:sTqaxQU2FIrx1LCPYhOaXrtwLOeKNsHpR2GNcI2Eekn+laEs64H0/KR0NBAY6GP:2xr2lPYUaXrtwLOhGCI3oYEsP30NH6i

Score
10/10
modiloaderadwareevasionstealertrojan

Malware Config

Targets

    • Target

      05a721f1a2c81ca505b7ac1c968b89ec_JaffaCakes118

    • Size

      96KB

    • MD5

      05a721f1a2c81ca505b7ac1c968b89ec

    • SHA1

      50ac99203449a968ec880fb6d296805189e49c7f

    • SHA256

      38f87cd2972d0d6bdfdcee1989ebf0aa262c41247feab6af4c00b8f9ee2dfa6c

    • SHA512

      1fa151ddc5f195e15b33670ca398055e5e4496f80c191aa55f7cd90e4e3e4bcffea983b01f3c4696bdbbfc11add52c2aa619b3a30ea5f9a76ab05c4d143b2529

    • SSDEEP

      1536:sTqaxQU2FIrx1LCPYhOaXrtwLOeKNsHpR2GNcI2Eekn+laEs64H0/KR0NBAY6GP:2xr2lPYUaXrtwLOhGCI3oYEsP30NH6i

    Score
    10/10
    modiloaderadwareevasionstealertrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Modifies firewall policy service

      evasion

    • ModiLoader Second Stage

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks