Overview

overview

10

Static

static

3

d3eb1eff01...18.exe

windows7-x64

10

d3eb1eff01...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d3eb1eff0165ddb2508ef4ac75c3057a_JaffaCakes118

  • Size

    1.4MB

  • Sample

    240908-j36nmavflm

  • MD5

    d3eb1eff0165ddb2508ef4ac75c3057a

  • SHA1

    ac529e9afa7b6146fed3452e6d9d6158950f195a

  • SHA256

    3749ff73bd8fa7dc4563a4b44be4d27de20dbfca6120c89849814b4716e64055

  • SHA512

    258a902b81138fc5de78003ac8dd9205071ebfd584a04b6d6389685f3912976a3f059ee45ec8373eb0e107f24b52f6c1ae7bd945429fca51d5801e9f32e4d89c

  • SSDEEP

    24576:4lOYNOfOnKhoGe6GVbUleiuMFQLwVhIg/Fv1m0TKpxtrINW8:4lO6OfoMTubdiO0FPul

Score
10/10
modiloaderdiscoveryevasionpersistencetrojan

Malware Config

Targets

    • Target

      d3eb1eff0165ddb2508ef4ac75c3057a_JaffaCakes118

    • Size

      1.4MB

    • MD5

      d3eb1eff0165ddb2508ef4ac75c3057a

    • SHA1

      ac529e9afa7b6146fed3452e6d9d6158950f195a

    • SHA256

      3749ff73bd8fa7dc4563a4b44be4d27de20dbfca6120c89849814b4716e64055

    • SHA512

      258a902b81138fc5de78003ac8dd9205071ebfd584a04b6d6389685f3912976a3f059ee45ec8373eb0e107f24b52f6c1ae7bd945429fca51d5801e9f32e4d89c

    • SSDEEP

      24576:4lOYNOfOnKhoGe6GVbUleiuMFQLwVhIg/Fv1m0TKpxtrINW8:4lO6OfoMTubdiO0FPul

    Score
    10/10
    modiloaderdiscoveryevasionpersistencetrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • UAC bypass

      evasiontrojan

    • ModiLoader Second Stage

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks