Overview

overview

10

Static

static

3

d743b5fd27...18.exe

windows7-x64

10

d743b5fd27...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d743b5fd27a66e983ade5dade3979bf3_JaffaCakes118

  • Size

    678KB

  • Sample

    240909-3e642axenf

  • MD5

    d743b5fd27a66e983ade5dade3979bf3

  • SHA1

    0695d26b2180cbf0a6cb4c3a30a55bb5695609cc

  • SHA256

    a0594b8712e34f7041057acb34dac7fa53847f5f0fdcc040fe2c4f11ed6cff3c

  • SHA512

    17797fc504bbf0f8d669bab27fae88b3d0c2ab931ac89a6e6e95f0f15a13ef16d04ad410ce1df358ff68dea4c3135e8c1acac2abd9d9f3e3fc820877e85fd993

  • SSDEEP

    12288:5MN02ezigQMqSorIZx/DuFY6Xg+R99uzvdwXF3Z4mxxMcYVayynAID2K7:5MN5Uowx/+YY9OSXQmXcXyR/

Score
10/10
modiloaderdiscoverytrojan

Malware Config

Targets

    • Target

      d743b5fd27a66e983ade5dade3979bf3_JaffaCakes118

    • Size

      678KB

    • MD5

      d743b5fd27a66e983ade5dade3979bf3

    • SHA1

      0695d26b2180cbf0a6cb4c3a30a55bb5695609cc

    • SHA256

      a0594b8712e34f7041057acb34dac7fa53847f5f0fdcc040fe2c4f11ed6cff3c

    • SHA512

      17797fc504bbf0f8d669bab27fae88b3d0c2ab931ac89a6e6e95f0f15a13ef16d04ad410ce1df358ff68dea4c3135e8c1acac2abd9d9f3e3fc820877e85fd993

    • SSDEEP

      12288:5MN02ezigQMqSorIZx/DuFY6Xg+R99uzvdwXF3Z4mxxMcYVayynAID2K7:5MN5Uowx/+YY9OSXQmXcXyR/

    Score
    10/10
    modiloaderdiscoverytrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks