Overview

overview

10

Static

static

7

d23059b6f4...18.exe

windows7-x64

10

d23059b6f4...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d23059b6f4695570243cc79f1bf23ae5_JaffaCakes118

  • Size

    642KB

  • Sample

    240907-r8eq4aygqk

  • MD5

    d23059b6f4695570243cc79f1bf23ae5

  • SHA1

    677b0e699c8c514206c2278b1b07675da1e2ffc6

  • SHA256

    2794d450e522f3bcd95a8af8530755a5c11b1323e28e63951088911eff0199e1

  • SHA512

    c007bfb30222ff39e71b3ae5c888b000ee903c6857756ee90993452cbdfec69896ebde3fafdbd0acd0b84549b50d691d8eec615423fcd4e62cef8b47c59debcb

  • SSDEEP

    12288:H0b3M2b6Ea399VgWhTa+7FAsrXIrjy/+jZivkXiJiMGIv1VsSuYON:HCFa3ygaYFAsEjDZ84iJiMD3sSuN

Score
10/10
modiloaderaspackv2discoverytrojan

Malware Config

Targets

    • Target

      d23059b6f4695570243cc79f1bf23ae5_JaffaCakes118

    • Size

      642KB

    • MD5

      d23059b6f4695570243cc79f1bf23ae5

    • SHA1

      677b0e699c8c514206c2278b1b07675da1e2ffc6

    • SHA256

      2794d450e522f3bcd95a8af8530755a5c11b1323e28e63951088911eff0199e1

    • SHA512

      c007bfb30222ff39e71b3ae5c888b000ee903c6857756ee90993452cbdfec69896ebde3fafdbd0acd0b84549b50d691d8eec615423fcd4e62cef8b47c59debcb

    • SSDEEP

      12288:H0b3M2b6Ea399VgWhTa+7FAsrXIrjy/+jZivkXiJiMGIv1VsSuYON:HCFa3ygaYFAsEjDZ84iJiMD3sSuN

    Score
    10/10
    modiloaderaspackv2discoverytrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks