Overview

overview

10

Static

static

3

d8a033ac90...18.exe

windows7-x64

10

d8a033ac90...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d8a033ac9034826383769f3571874dac_JaffaCakes118

  • Size

    643KB

  • Sample

    240910-vbqzmsvgpc

  • MD5

    d8a033ac9034826383769f3571874dac

  • SHA1

    4d9443553918f7b501265d1c46478308552d3d7f

  • SHA256

    040e9f50a0bb341c5a3e1d8a7aac561773a0c9b6a2e2d272a05833733e34bcf5

  • SHA512

    c1e3ded83b11f959ae50678984a845b97bdfbda43903d8cd8623b540558ef4f4efbd34a85d49d1755c4734c0a61e80e80dd4cf2376eab4365d9b6f80fedf3a4e

  • SSDEEP

    12288:9zjpe28L6CO6cBWMFkxwrnF3Z4mxx8DqVTVOCoA:9D8LbGxkeLQmXbVTzoA

Score
10/10
modiloaderdiscoverytrojan

Malware Config

Targets

    • Target

      d8a033ac9034826383769f3571874dac_JaffaCakes118

    • Size

      643KB

    • MD5

      d8a033ac9034826383769f3571874dac

    • SHA1

      4d9443553918f7b501265d1c46478308552d3d7f

    • SHA256

      040e9f50a0bb341c5a3e1d8a7aac561773a0c9b6a2e2d272a05833733e34bcf5

    • SHA512

      c1e3ded83b11f959ae50678984a845b97bdfbda43903d8cd8623b540558ef4f4efbd34a85d49d1755c4734c0a61e80e80dd4cf2376eab4365d9b6f80fedf3a4e

    • SSDEEP

      12288:9zjpe28L6CO6cBWMFkxwrnF3Z4mxx8DqVTVOCoA:9D8LbGxkeLQmXbVTzoA

    Score
    10/10
    modiloaderdiscoverytrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks