Overview

overview

10

Static

static

3

cfbb165b5c...18.exe

windows7-x64

10

cfbb165b5c...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cfbb165b5c594ad2d367c5ef0149436a_JaffaCakes118

  • Size

    764KB

  • Sample

    240906-rmr5as1bkp

  • MD5

    cfbb165b5c594ad2d367c5ef0149436a

  • SHA1

    0cc27b0f80248a7229d1eef0210c0c0cd106f44d

  • SHA256

    b552feb42d5a2a17b9c4d862fdc586d5347a35b16a7a70e84f0189ed6c9ecff0

  • SHA512

    9c7ee45734ee406193ea40137412da1ee3c4d25e09e954f6f88686654943041e6dffb3bcb828fdaf468a31213f4af9dcda6330465d6e9804118e548bcd549507

  • SSDEEP

    12288:fhrRbar8WElUpyySAyHSM6B4qViPdmF3Z4mxx+/zll/EpM/MMR:fhrROrDElcBuSBFVFQmXqzP

Score
10/10
modiloaderdiscoverytrojan

Malware Config

Targets

    • Target

      cfbb165b5c594ad2d367c5ef0149436a_JaffaCakes118

    • Size

      764KB

    • MD5

      cfbb165b5c594ad2d367c5ef0149436a

    • SHA1

      0cc27b0f80248a7229d1eef0210c0c0cd106f44d

    • SHA256

      b552feb42d5a2a17b9c4d862fdc586d5347a35b16a7a70e84f0189ed6c9ecff0

    • SHA512

      9c7ee45734ee406193ea40137412da1ee3c4d25e09e954f6f88686654943041e6dffb3bcb828fdaf468a31213f4af9dcda6330465d6e9804118e548bcd549507

    • SSDEEP

      12288:fhrRbar8WElUpyySAyHSM6B4qViPdmF3Z4mxx+/zll/EpM/MMR:fhrROrDElcBuSBFVFQmXqzP

    Score
    10/10
    modiloaderdiscoverytrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks