Overview

overview

10

Static

static

3

d71fe84b82...18.exe

windows7-x64

10

d71fe84b82...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d71fe84b82a18634318e53337c6e5afa_JaffaCakes118

  • Size

    440KB

  • Sample

    240909-1df54s1ejq

  • MD5

    d71fe84b82a18634318e53337c6e5afa

  • SHA1

    959e9f1b947d997dd83dc3db4ecb88fc3e4ec97b

  • SHA256

    8b87eee448bb0a676db1ca9ac09a677cb8a612a49f0a18f6fdfb18f39ced32d8

  • SHA512

    b43e709a890fc362dfd9283bb16e9739708def818dbb1f8a93dc887d207db130be6c3e9b0c9f697e30fe3c511ea46b4875db024e9c4cd6307e665331da112dcb

  • SSDEEP

    12288:eCh17QK/lGRgOUqmq9kR6lhKX32C4F+Dd4BqR+jx6W6+/:eI17QK/cRgOnmq9g6q2C4e06C/

Score
10/10
modiloaderdiscoveryevasiontrojanupx

Malware Config

Targets

    • Target

      d71fe84b82a18634318e53337c6e5afa_JaffaCakes118

    • Size

      440KB

    • MD5

      d71fe84b82a18634318e53337c6e5afa

    • SHA1

      959e9f1b947d997dd83dc3db4ecb88fc3e4ec97b

    • SHA256

      8b87eee448bb0a676db1ca9ac09a677cb8a612a49f0a18f6fdfb18f39ced32d8

    • SHA512

      b43e709a890fc362dfd9283bb16e9739708def818dbb1f8a93dc887d207db130be6c3e9b0c9f697e30fe3c511ea46b4875db024e9c4cd6307e665331da112dcb

    • SSDEEP

      12288:eCh17QK/lGRgOUqmq9kR6lhKX32C4F+Dd4BqR+jx6W6+/:eI17QK/cRgOnmq9g6q2C4e06C/

    Score
    10/10
    modiloaderdiscoveryevasiontrojanupx

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • UAC bypass

      evasiontrojan

    • ModiLoader Second Stage

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks