General

  • Target: cc86c285e7a78befa3cc7e1819869967_JaffaCakes118
  • Size: 733KB
  • Sample: 240831-k1lfcawbqg
  • MD5: cc86c285e7a78befa3cc7e1819869967
  • SHA1: 0d63eaabb3d4c0746c609c764494cbafb9f99d23
  • SHA256: 7f7cd3124908d82d8985f7e64e8286d1730263f9b3fa86571790b22416aab5da
  • SHA512: a23ad71b72f4c49f61fab511b205e042ed6e4ffb3559f6382de598a46e4658e3c98f063f383e84485cce7aa1a8aa33917669f2a94bea658cfeeebf27eb60ccf4
  • SSDEEP: 12288:+PjXQdlDYNdioebrzswq5JDLTr7ShGD85MXYBlkqJBxy543Hs7Gu9GRuxD:+qsNwbrSJDLHGhGD85H/RJH9+59lxD

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks