General

  • Target

    daab2f9d6999401781c20e5bc0647dea_JaffaCakes118

  • Size

    337KB

  • Sample

    240911-s2k5zaybnp

  • MD5

    daab2f9d6999401781c20e5bc0647dea

  • SHA1

    7f990620bd6f31b3fb3da8d8c18b954ab90cd34f

  • SHA256

    6310ec3f7fb15835ab9e627f13f4a28c6236e07488f35b6e8dfd4742aec2c2f5

  • SHA512

    f537a5ebf0ecd8a936332afecc4faf55d7c4166009d834a85991a7ac44ad5c697e5ccba14b579a8aea88001efbaa53b949ccabb11b80037c2d489a8e4831383a

  • SSDEEP

    6144:dBNlDX3C5F9kk6op30syEV9+mNxGIrPj0NmWtNvUnoSW:dBPDXS5Dkk6op3+EGq0Nx8noSW

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks