General

  • Target

    0e8dcda6b6d5e2935469af6571d71f59_JaffaCakes118

  • Size

    293KB

  • Sample

    240625-sqkp3axeje

  • MD5

    0e8dcda6b6d5e2935469af6571d71f59

  • SHA1

    3247c2e04259e7e41f3d01482e79fda8d8e17482

  • SHA256

    44707bed679d9b3f10f4ea82364974788e91271c4f34bc18f9f9734658f8775c

  • SHA512

    0eeecc5b2c2f300baf6c4adc4a20ad6bb7b391406d8109587982809c3bbfe80e4402f809c500eb1fa48c279625de785c0dd32017e9adfed94abd71c92a6730b3

  • SSDEEP

    6144:fYjANvP9cDX1KZJiIv3LAHmJxHSj1ivAxDQkpeTQ+ydB950hgGLJ+GZA5Qys7Z:fYjA1P9aF2iMfRSjMvA5QkpeTQpd9GLK

Score
10/10

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks