Overview

overview

10

Static

static

3

a63af4cbcb...18.exe

windows7-x64

10

a63af4cbcb...18.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    a63af4cbcb6b732657516d84f5f0138d_JaffaCakes118

  • Size

    177KB

  • Sample

    240818-lcfevszdll

  • MD5

    a63af4cbcb6b732657516d84f5f0138d

  • SHA1

    61e3254dbcf86fb7cd588558850c8943241e2c66

  • SHA256

    9e3e994ef54f005063d0a8faa782c636052a1416582a222dce808ed396a9363e

  • SHA512

    75811483a7eab912be46b6d77fbec954cbb71f6ce52feebf3e11d01c21d35d8d68438b1a81a485024f519112b64536336787272d23f3910317f43c263db0cd9a

  • SSDEEP

    3072:f8aj7YwE4r+UVF8lqL5nUlsVDIZ29w9P1u+TEf8048VVOFFxmHhR3+t:Uy1ER8FhUliDIZ29Etu+T480/VIx+ut

Score
10/10
modiloaderdiscoverypersistencetrojan

Malware Config

Targets

    • Target

      a63af4cbcb6b732657516d84f5f0138d_JaffaCakes118

    • Size

      177KB

    • MD5

      a63af4cbcb6b732657516d84f5f0138d

    • SHA1

      61e3254dbcf86fb7cd588558850c8943241e2c66

    • SHA256

      9e3e994ef54f005063d0a8faa782c636052a1416582a222dce808ed396a9363e

    • SHA512

      75811483a7eab912be46b6d77fbec954cbb71f6ce52feebf3e11d01c21d35d8d68438b1a81a485024f519112b64536336787272d23f3910317f43c263db0cd9a

    • SSDEEP

      3072:f8aj7YwE4r+UVF8lqL5nUlsVDIZ29w9P1u+TEf8048VVOFFxmHhR3+t:Uy1ER8FhUliDIZ29Etu+T480/VIx+ut

    Score
    10/10
    modiloaderdiscoverypersistencetrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Modifies WinLogon for persistence

      persistence

    • ModiLoader Second Stage

    • Adds policy Run key to start application

      persistence

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks