Overview

overview

10

Static

static

3

dc9a4a8638...18.exe

windows7-x64

10

dc9a4a8638...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dc9a4a863817eb1ff6bb95d4b3327956_JaffaCakes118

  • Size

    731KB

  • Sample

    240912-tvtdfatcpn

  • MD5

    dc9a4a863817eb1ff6bb95d4b3327956

  • SHA1

    18b5afec2e66b25c08cf39c08b141c846350cb78

  • SHA256

    604896ce36b8214f8cc8244e5760475d7c018da4e2c2d0ffeb45dd9dd759991b

  • SHA512

    940d3f4e4eec2ed32730a4d793ce8472baec369f07a8686fca12c9c1b24c19fd895f60475c48b63761b61fb5e9b7b11199e8edbeb8bc175657e9620f6559a287

  • SSDEEP

    12288:e9mLyIO3acebmZ/cAULCG9CzUnNnlGQxue1Q0RZF3Z4mxxgDqVTVOCS:e4LFscAUlUtQxDa0RZQmX3VTzS

Score
10/10
modiloaderdiscoverypersistencetrojan

Malware Config

Targets

    • Target

      dc9a4a863817eb1ff6bb95d4b3327956_JaffaCakes118

    • Size

      731KB

    • MD5

      dc9a4a863817eb1ff6bb95d4b3327956

    • SHA1

      18b5afec2e66b25c08cf39c08b141c846350cb78

    • SHA256

      604896ce36b8214f8cc8244e5760475d7c018da4e2c2d0ffeb45dd9dd759991b

    • SHA512

      940d3f4e4eec2ed32730a4d793ce8472baec369f07a8686fca12c9c1b24c19fd895f60475c48b63761b61fb5e9b7b11199e8edbeb8bc175657e9620f6559a287

    • SSDEEP

      12288:e9mLyIO3acebmZ/cAULCG9CzUnNnlGQxue1Q0RZF3Z4mxxgDqVTVOCS:e4LFscAUlUtQxDa0RZQmX3VTzS

    Score
    10/10
    modiloaderdiscoverypersistencetrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks