General

  • Target

    cfd97aed2928e3fa0187aa5c472a4014_JaffaCakes118

  • Size

    429KB

  • Sample

    240906-svnyaathqf

  • MD5

    cfd97aed2928e3fa0187aa5c472a4014

  • SHA1

    5f0d0fa3caa1397eecd2559ce58b2396671f3e75

  • SHA256

    b79a64a834ebe149ab60c0f5e784a2a699b4fd284e8776eed33c0c9629a8e6c6

  • SHA512

    d680f738da045888a9b8ce1ad7449ec9ba2c79ed4d127746d14cc2dd4b366388a9af6a0226ec920744e1e3d8ed1842427fcbc87074df4120fe0ee09c64f42be5

  • SSDEEP

    12288:m46XfBBC1iVu8735uzXcdVOeKENtTird:A/CQVf5GcTOp0TEd

Malware Config

Targets

    • Target

      cfd97aed2928e3fa0187aa5c472a4014_JaffaCakes118

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks