Overview

overview

10

Static

static

3

d0d1755568...18.exe

windows7-x64

10

d0d1755568...18.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d0d175556893dc1c13a733f3a95e027f_JaffaCakes118

  • Size

    23KB

  • Sample

    240907-b33mzaydrl

  • MD5

    d0d175556893dc1c13a733f3a95e027f

  • SHA1

    97d85d6324bc9c7816da3e93c6d6e1bd6a7c7658

  • SHA256

    3b468abdc4486f037a4e2c8fd1d86163b72103b87994afcea1e77c9760e345d9

  • SHA512

    a909718cbe1c0f17533c9d4a0c5f4b64b0044eb14ca22cdc8f7b2d64f63ec7756b41f7bea31b282d00d894208551c3e3169d8aa02b6add12ef4a28143632e0e6

  • SSDEEP

    384:lr+TKrjxHi8IzL1fMVbkc3i9Ei0Wrr0g51Bfut/pMEnBVp2Su95EPg+9EJzXCO3G:laM9HixUVbgE2n519sqEoSu96PnEJDpW

Score
10/10
modiloaderdefense_evasiondiscoverytrojan

Malware Config

Targets

    • Target

      d0d175556893dc1c13a733f3a95e027f_JaffaCakes118

    • Size

      23KB

    • MD5

      d0d175556893dc1c13a733f3a95e027f

    • SHA1

      97d85d6324bc9c7816da3e93c6d6e1bd6a7c7658

    • SHA256

      3b468abdc4486f037a4e2c8fd1d86163b72103b87994afcea1e77c9760e345d9

    • SHA512

      a909718cbe1c0f17533c9d4a0c5f4b64b0044eb14ca22cdc8f7b2d64f63ec7756b41f7bea31b282d00d894208551c3e3169d8aa02b6add12ef4a28143632e0e6

    • SSDEEP

      384:lr+TKrjxHi8IzL1fMVbkc3i9Ei0Wrr0g51Bfut/pMEnBVp2Su95EPg+9EJzXCO3G:laM9HixUVbgE2n519sqEoSu96PnEJDpW

    Score
    10/10
    modiloaderdefense_evasiondiscoverytrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • Drops file in Drivers directory

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

      defense_evasion
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks