General

  • Target

    daeb1b9df2a2f8472425e81d3b27649e_JaffaCakes118

  • Size

    2.6MB

  • Sample

    240911-wj6whavcrh

  • MD5

    daeb1b9df2a2f8472425e81d3b27649e

  • SHA1

    0e7aef64726b5a6af5e190b47713d9be6519b14a

  • SHA256

    bd727ee963c48b567f2be9291ed8e3d9023027a62d369ff323c55109c8c5725b

  • SHA512

    7e7b211a004bc5cc8b59f55581d0b27d2811e21637ec95314be4ab08c5af8a00fd14e1b52e843ce7f244d159cec36cc356beb94327d6d61ee675b04d06a5ad08

  • SSDEEP

    49152:/4aLL6mwEmbI1kBSQC3vFnfxc0fFxj0qKNEM3XtX3WlMJgwvgARrmFCU:/1LLWgkC395lNZ0qIBtn/ZXU

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks