General

  • Target

    cf3c1ec9cc1e570356096be466ed2374_JaffaCakes118

  • Size

    474KB

  • Sample

    240906-ljxbysyfnn

  • MD5

    cf3c1ec9cc1e570356096be466ed2374

  • SHA1

    d04debd40be83b3caaccae381a0ea99a0a5e442f

  • SHA256

    539db210ae1c8ff9fdf2d8fad56db9d1fa3667df7164e88d55100b37c4f8f291

  • SHA512

    7ef94140d8ea3d60dd607afcb2ae4b0f9c19d4048ecdba4567a619ccc198df818bcb04bba1418b0b84002673e8f3d2c845cf29fcadb50908c4167d7b16e6ec1c

  • SSDEEP

    12288:iC9bhvmmj+w6MF3Z4mxx9nUqGGGkYThd5UcOuii6:B9bhvmNwJQmX1UVGGk6PrOuU

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Deletes itself

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

MITRE ATT&CK Enterprise v15

Tasks