General

  • Target

    cd320402ca64cd9e1a831f8b12d039ad_JaffaCakes118

  • Size

    2.0MB

  • Sample

    240831-t97vdavbjg

  • MD5

    cd320402ca64cd9e1a831f8b12d039ad

  • SHA1

    26c85b3293670b592a7a57e5c141f2c704876faf

  • SHA256

    d4abc502955492c69d3fda7b3155fdcc80f344fb77d6c3a4bc9978d321d1fd48

  • SHA512

    2d706c0c5ccac9637f23c368d0e321141815625995a91e0ec4de5a938eb148f95fcdad2de43d16ba0b794810ae88b795954e0224bae4099c3887a13d66c91b47

  • SSDEEP

    49152:PSB/iFEWhWOTzlYIwD7/A9tQcKlyhty13IMeB2UlcAT:TFzWRT/YtElat4jdU

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a Delphi-based loader that abuses public cloud and file-hosting services to download additional malware families onto the host.

    • ModiLoader Second Stage

    • Identifies Wine through registry keys

      Wine is a compatibility layer that runs Windows applications on other operating systems and is sometimes used as a sandboxing environment; a sample that probes Wine-specific registry keys is checking whether it is being analysed rather than running on a real Windows host.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the calling thread's debug events from being delivered to an attached debugger, a common anti-debugging trick in loaders.

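Worked example, added here and not part of the sandbox report or of its signature engine: a small Python detector for the two anti-analysis behaviours listed above (the Wine registry probe and the ThreadHideFromDebugger call), run over a constructed API-trace excerpt. The trace format, the process and thread values, and the exact Software\Wine key are assumptions; the report does not state which key the sample queried or which sandbox schema it logged.

```python
import re

# NtSetInformationThread information class that detaches a thread from
# the debugger (THREADINFOCLASS ThreadHideFromDebugger == 0x11).
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Registry path that exists only under Wine; a Windows PE probing it is
# fingerprinting the environment. The key the sample actually touches is
# not stated in the report, so this pattern is an assumption based on
# Wine's standard registry layout.
WINE_KEY_RE = re.compile(r"\\Software\\Wine(\\|$)", re.IGNORECASE)

REGISTRY_APIS = {"NtOpenKey", "NtOpenKeyEx", "NtCreateKey", "NtQueryValueKey", "NtQueryKey"}

# Constructed trace excerpt (assumed "<pid> <api> key=value ..." format,
# not output of the sandbox that produced this report).
SAMPLE_TRACE = """\
1234 NtOpenKey path=HKEY_CURRENT_USER\\Software\\Wine status=0xC0000034
1234 NtQueryValueKey path=HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion value=ProductName status=0x0
1234 NtSetInformationThread thread=0xfffffffe class=0x11 status=0x0
1234 NtSetInformationThread thread=0x1a4 class=0x2 status=0x0
1234 NtCreateFile path=C:\\Users\\Public\\dropped.exe status=0x0
"""

LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\s*(?P<rest>.*)$")
# A value runs until the next " key=", so paths may contain spaces.
KV_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def parse_line(line):
    """Return (pid, api, {arg: value}) or None for lines that do not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return int(m.group("pid")), m.group("api"), dict(KV_RE.findall(m.group("rest")))


def _info_class(value):
    """Accept 0x11, 17 or the symbolic name, as different sandboxes log it."""
    if value.lower() == "threadhidefromdebugger":
        return THREAD_HIDE_FROM_DEBUGGER
    try:
        return int(value, 0)
    except ValueError:
        return -1


def detect(trace_text):
    """Return a list of (signature, line) hits for the two anti-analysis checks."""
    hits = []
    for line in trace_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        _pid, api, args = parsed
        # The query itself is the tell: on real Windows the key is absent and
        # the call fails with STATUS_OBJECT_NAME_NOT_FOUND (0xC0000034), so
        # do not require a successful status.
        if api in REGISTRY_APIS and WINE_KEY_RE.search(args.get("path", "")):
            hits.append(("wine_registry_check", line))
        if api == "NtSetInformationThread" and _info_class(args.get("class", "")) == THREAD_HIDE_FROM_DEBUGGER:
            hits.append(("hide_from_debugger", line))
    return hits


def signatures(trace_text):
    """Distinct signature names fired by the trace, sorted."""
    return sorted({name for name, _ in detect(trace_text)})


if __name__ == "__main__":
    for name, line in detect(SAMPLE_TRACE):
        print(f"[{name}] {line}")
```

The NtSetInformationThread call with class 0x2 (ThreadPriority) is deliberately left in the constructed trace so the rule matches on the information class rather than on the API name alone; matching every NtSetInformationThread call would fire on ordinary thread-priority changes.
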
MITRE ATT&CK Enterprise v15

Tasks