General

  • Target

    dc92633c4fd6137f915cb4af84cfe2c5_JaffaCakes118

  • Size

    166KB

  • Sample

    240912-thx6vssgqc

  • MD5

    dc92633c4fd6137f915cb4af84cfe2c5

  • SHA1

    a9857bb1c46301480bfb16841f0037c2b7e103d1

  • SHA256

    74f3338e72a02953b5e317091fa9cac08e0868131e8e45c52d979c5339430d4a

  • SHA512

    2cd4f4ef474b4746c422199833ad14ce9e6b16f34e3326a3603807415433669b50ffca3201b2e8e0077c7e3f135007b874e6a31a310fb4b3cf878774fbc2ab28

  • SSDEEP

    3072:XvgCgUnnG7ivLL0yhPvRhz2zgHi66GW6fhZGMaM1lirBHVOr6nq:/hnG7iLX15AEzRW67G0Tcnq
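
The hash set above and the "UPX packed file" signature reported further down can both be reproduced offline from the file bytes. The script below is an added illustration written for this page, not the sandbox's own signature engine: it computes the same MD5/SHA1/SHA256/SHA512 set (SSDEEP is omitted because it needs the ssdeep library), walks the DOS header, PE signature, COFF header and section table, and scores three public UPX traits: section names starting with "UPX", the "UPX!" magic string, and a high-entropy section. The two PE images it analyses are minimal headers constructed in memory, not this sample; the 7.0 bits/byte entropy threshold and the "two indicators make a verdict" rule are assumptions.

```python
"""Static PE triage: file hashes plus a UPX-packing heuristic (added example)."""
import hashlib
import math
import struct
from collections import Counter

FILE_ALIGN = 0x200
ENTROPY_THRESHOLD = 7.0   # assumption: compressed/packed data usually scores above 7 bits/byte


def file_hashes(data: bytes) -> dict:
    """Same digest set the report lists, minus SSDEEP."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: 0.0 for empty/constant input, 8.0 for a uniform distribution."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def parse_sections(data: bytes) -> list:
    """DOS header -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table.
    Returns [(name, raw_bytes)]; raises ValueError/struct.error on malformed input."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)    # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)       # SizeOfOptionalHeader
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        off = table + i * 40                                       # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        name, _vsize, _va, raw_size, raw_ptr, *_ = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"),
                         data[raw_ptr:raw_ptr + raw_size]))
    return sections


def is_pe(data: bytes) -> bool:
    try:
        parse_sections(data)
        return True
    except (ValueError, struct.error):
        return False


def upx_indicators(data: bytes) -> list:
    sections = parse_sections(data)
    hits = []
    upx_names = [n for n, _ in sections if n.upper().startswith("UPX")]
    if upx_names:
        hits.append("section names: " + ", ".join(upx_names))
    if b"UPX!" in data:
        hits.append("'UPX!' magic string present")
    # A modified UPX usually renames sections and strips the magic; entropy survives that.
    largest = max(sections, key=lambda s: len(s[1]), default=None)
    if largest is not None and shannon_entropy(largest[1]) > ENTROPY_THRESHOLD:
        hits.append("high entropy (%.2f) in section %s" % (shannon_entropy(largest[1]), largest[0]))
    return hits


def triage(data: bytes) -> dict:
    hits = upx_indicators(data)
    return {"hashes": file_hashes(data), "sections": [n for n, _ in parse_sections(data)],
            "upx_indicators": hits, "likely_upx": len(hits) >= 2}   # assumption: two votes


def build_pe(sections) -> bytes:
    """Constructed, non-loadable PE32 image with just enough header to be parsed."""
    opt_size = 224
    hdr_len = 0x40 + 4 + 20 + opt_size + 40 * len(sections)
    hdr_size = -(-hdr_len // FILE_ALIGN) * FILE_ALIGN
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                         # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                           # PE32 magic
    table, body = bytearray(), bytearray()
    raw_ptr, va = hdr_size, 0x1000
    for name, raw in sections:
        raw_size = -(-len(raw) // FILE_ALIGN) * FILE_ALIGN
        table += struct.pack("<8sIIIIIIHHI", name.encode("ascii").ljust(8, b"\0"),
                             len(raw), va, raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += raw.ljust(raw_size, b"\0")
        raw_ptr += raw_size
        va += 0x1000
    header = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(table)).ljust(hdr_size, b"\0")
    return header + bytes(body)


# Constructed inputs: a UPX-shaped image (empty UPX0, dense UPX1) and a plain one.
PACKED_SAMPLE = build_pe([("UPX0", b""),
                          ("UPX1", b"UPX!" + bytes(range(256)) * 16),
                          (".rsrc", b"\0" * 64)])
CLEAN_SAMPLE = build_pe([(".text", b"\x55\x8b\xec" * 200),   # push ebp; mov ebp,esp repeated
                         (".data", b"\0" * 64)])

if __name__ == "__main__":
    for label, sample in (("packed", PACKED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, triage(sample))
```

Against a real file, call `triage(open(path, "rb").read())` and compare the returned hashes with the values in the report before trusting the rest of the output. The entropy vote is kept deliberately: renaming the sections and removing the "UPX!" marker is exactly what a "modified UPX" build does, and those changes defeat the first two checks but not the third.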

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a loader written in Delphi that abuses public cloud storage services to fetch its second-stage payloads, which belong to other malware families.

    • ModiLoader Second Stage

    • Deletes itself

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by their intrusion activity (ATT&CK T1070.004). Here it corresponds to the sample removing its own executable, matching the "Deletes itself" signature above.

MITRE ATT&CK Enterprise v15
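
The "Deletes itself" and "Indicator Removal: File Deletion" signatures above are sandbox observations; on a monitored host the same behaviour appears in Sysmon telemetry. The following added Python example (written for this page, not the sandbox's or Sysmon's own logic) runs over a constructed list of Sysmon Event ID 1 (ProcessCreate) and Event ID 23 (FileDelete) records that use Sysmon's real field names. It flags an executable deleted by its own process or by a child of that process (the usual `cmd /c ... & del` pattern, since Windows refuses to delete an image that is still mapped), and marks whether the deleted file's SHA256 matches this sample's. Every path, GUID, PID and timestamp in the events is invented; only the SHA256 and MD5 are taken from the report.

```python
"""Self-deletion detection over Sysmon events (added example, not the sandbox's logic)."""

# SHA256 of the sample in this report, used as an IOC against Sysmon's Hashes field.
KNOWN_SHA256 = "74f3338e72a02953b5e317091fa9cac08e0868131e8e45c52d979c5339430d4a"

# Constructed telemetry with real Sysmon field names; paths, GUIDs, PIDs and times are invented.
EVENTS = [
    {"EventID": 1, "UtcTime": "2024-09-12 19:01:02.100", "ProcessGuid": "{guid-loader}",
     "ProcessId": 4120, "Image": r"C:\Users\Public\dropped.exe",
     "CommandLine": r"C:\Users\Public\dropped.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "UtcTime": "2024-09-12 19:01:03.400", "ProcessGuid": "{guid-cmd}",
     "ProcessId": 4188, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c ping 127.0.0.1 -n 3 & del "C:\Users\Public\dropped.exe"',
     "ParentImage": r"C:\Users\Public\dropped.exe"},
    # The loader has exited; its cmd.exe child now deletes the loader's image.
    {"EventID": 23, "UtcTime": "2024-09-12 19:01:06.900", "ProcessGuid": "{guid-cmd}",
     "ProcessId": 4188, "Image": r"C:\Windows\System32\cmd.exe",
     "TargetFilename": r"C:\Users\Public\dropped.exe", "IsExecutable": "true",
     "Hashes": "SHA256=" + KNOWN_SHA256.upper() + ",MD5=DC92633C4FD6137F915CB4AF84CFE2C5"},
    # Same child deletes a non-executable scratch file: not flagged.
    {"EventID": 23, "UtcTime": "2024-09-12 19:01:07.000", "ProcessGuid": "{guid-cmd}",
     "ProcessId": 4188, "Image": r"C:\Windows\System32\cmd.exe",
     "TargetFilename": r"C:\Users\Public\stage.dat", "IsExecutable": "false", "Hashes": ""},
    # A process deleting a file at its own image path; no ProcessCreate was seen for it.
    {"EventID": 23, "UtcTime": "2024-09-12 19:02:10.000", "ProcessGuid": "{guid-tool}",
     "ProcessId": 5012, "Image": r"C:\Users\alice\AppData\Local\Temp\tool.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Local\Temp\TOOL.EXE", "IsExecutable": "true",
     "Hashes": "SHA256=0000000000000000000000000000000000000000000000000000000000000000"},
    # Ordinary deletion by an unrelated system process: not flagged.
    {"EventID": 23, "UtcTime": "2024-09-12 19:03:00.000", "ProcessGuid": "{guid-svc}",
     "ProcessId": 1100, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetFilename": r"C:\Windows\Temp\cache.tmp", "IsExecutable": "false", "Hashes": ""},
]


def norm_path(path: str) -> str:
    """Windows paths are case-insensitive; compare them in one canonical form."""
    return path.replace("/", "\\").strip().lower()


def parse_hashes(field: str) -> dict:
    """Sysmon writes 'SHA256=...,MD5=...' (empty when hashing is disabled)."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def find_self_deletions(events, known_sha256: str = KNOWN_SHA256) -> list:
    """One finding per Event 23 that removes an executable belonging either to the
    deleting process itself or to that process's parent (looked up via Event 1)."""
    parent_of = {e["ProcessGuid"]: norm_path(e["ParentImage"])
                 for e in events if e["EventID"] == 1}
    findings = []
    for e in events:
        if e["EventID"] != 23 or e.get("IsExecutable", "").lower() != "true":
            continue
        target = norm_path(e["TargetFilename"])
        actor = norm_path(e["Image"])
        if target == actor:
            rule = "self_delete_direct"
        elif parent_of.get(e["ProcessGuid"]) == target:
            rule = "self_delete_via_child"
        else:
            continue
        sha256 = parse_hashes(e.get("Hashes", "")).get("SHA256")
        findings.append({"rule": rule, "time": e["UtcTime"], "deleted": e["TargetFilename"],
                         "by": e["Image"], "pid": e["ProcessId"],
                         "ioc_match": sha256 == known_sha256.lower()})
    return findings


if __name__ == "__main__":
    for finding in find_self_deletions(EVENTS):
        print(finding)
```

The ProcessGuid-to-ParentImage map built from Event 1 is what ties the deletion back to the sample even though cmd.exe is the deleting image; matching on the command line alone misses variants that use PowerShell or a batch file. Techniques that rename the running image's data stream before marking it for deletion produce an Event 23 with a different TargetFilename and need a separate rule.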

Tasks