Overview

overview

10

Static

static

3

d92fe9f53d...18.exe

windows7-x64

10

d92fe9f53d...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d92fe9f53dcf5fea5ab61818774b6605_JaffaCakes118

  • Size

    2.3MB

  • Sample

    240910-28wpqa1fjc

  • MD5

    d92fe9f53dcf5fea5ab61818774b6605

  • SHA1

    6b59d497bbcfa758bee9b458a4a76836926fc37a

  • SHA256

    2b285bfe03955e85750f2bdb97e3e186af74116f5ca9fa9f32cc179f165c4689

  • SHA512

    7df2538d1334eb9b14e620a5fc8495e6e520563cb6332e80cf920c5c5d6285bbcf3be907d13c0acf2cf3e45491557d6d0a002850c6f620e958ab17970fb1900d

  • SSDEEP

    49152:wXLrBCGjDUo4sUOX57767j74lZoxmsptsrUepfKp4QF0cS:A9JL4sT7RZoxmspq8p45D

Score
10/10
modiloaderdiscoveryevasiontrojan

Malware Config

Targets

    • Target

      d92fe9f53dcf5fea5ab61818774b6605_JaffaCakes118

    • Size

      2.3MB

    • MD5

      d92fe9f53dcf5fea5ab61818774b6605

    • SHA1

      6b59d497bbcfa758bee9b458a4a76836926fc37a

    • SHA256

      2b285bfe03955e85750f2bdb97e3e186af74116f5ca9fa9f32cc179f165c4689

    • SHA512

      7df2538d1334eb9b14e620a5fc8495e6e520563cb6332e80cf920c5c5d6285bbcf3be907d13c0acf2cf3e45491557d6d0a002850c6f620e958ab17970fb1900d

    • SSDEEP

      49152:wXLrBCGjDUo4sUOX57767j74lZoxmsptsrUepfKp4QF0cS:A9JL4sT7RZoxmspq8p45D

    Score
    10/10
    modiloaderdiscoveryevasiontrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks