Overview

overview

10

Static

static

3

db13d97211...18.exe

windows7-x64

10

db13d97211...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    db13d97211f05bbd03146f3ab5b195e6_JaffaCakes118

  • Size

    63KB

  • Sample

    240911-x9lhxsydrm

  • MD5

    db13d97211f05bbd03146f3ab5b195e6

  • SHA1

    f7cdca2231bb6afcc9ce0b7852889dfa64345502

  • SHA256

    222cd8a60704fe3912b7633cb442e30f300c89e06f5499d1f65c62795e0d2f1a

  • SHA512

    a95d1bed850d73ea2aef140ff0ae3b59764baf70f0fe8cdb6e9b125c299be0e0ea98b769789bee187d7435111cd886ec08a65df7719d6e2f10a16e1060e7164d

  • SSDEEP

    1536:qDqoQi0TKgf+z1o75NiGZL2OkP5iGQdPLq1icYdIlSuHaDU:Wx0lKO9NiGZiMGQ1LGX49U

Score
10/10
modiloaderdiscoverypersistencetrojan

Malware Config

Targets

    • Target

      db13d97211f05bbd03146f3ab5b195e6_JaffaCakes118

    • Size

      63KB

    • MD5

      db13d97211f05bbd03146f3ab5b195e6

    • SHA1

      f7cdca2231bb6afcc9ce0b7852889dfa64345502

    • SHA256

      222cd8a60704fe3912b7633cb442e30f300c89e06f5499d1f65c62795e0d2f1a

    • SHA512

      a95d1bed850d73ea2aef140ff0ae3b59764baf70f0fe8cdb6e9b125c299be0e0ea98b769789bee187d7435111cd886ec08a65df7719d6e2f10a16e1060e7164d

    • SSDEEP

      1536:qDqoQi0TKgf+z1o75NiGZL2OkP5iGQdPLq1icYdIlSuHaDU:Wx0lKO9NiGZiMGQ1LGX49U

    Score
    10/10
    modiloaderdiscoverypersistencetrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks