General

  • Target

    e2616dae4836fc6e4cf181a9f06730de_JaffaCakes118

  • Size

    166KB

  • Sample

    240915-nmrlzs1gjg

  • MD5

    e2616dae4836fc6e4cf181a9f06730de

  • SHA1

    65de9fa11e5bdd2f0f1d71d09844b950c8fd010b

  • SHA256

    50f5f208658f807fafe8462b0bb538d1aa47ead2b497f870a1aaad5f73241fbf

  • SHA512

    1c45930ff90e87d0d4ced0645b8ed3bd6c11df7f14043c5281afb92736261c2f2eac34c80c6b1860b2841d9165c3e16be6027e8dd749171ce815a0aa8bcbfcd5

  • SSDEEP

    3072:AQiqldz6bnuKETcDozvr1xWoDImMgP1eNF6Ye+DzQd1Mkv0l3lRKBs:ABbuGgxzILH/6Ybw1fI1Rj
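Before spending analysis time on a copy of this sample, confirm that the file you have is the one the report describes. The following Python is an added example (not code from the report or the sandbox) that recomputes the four cryptographic hashes from the General section and compares them against the listed values, and splits the SSDEEP string into its block size and two chunk signatures. The hash verification is run on constructed input bytes so it works offline; `hash_file` is the helper you would point at the real sample.

```python
import hashlib
import sys
from typing import Dict, Tuple

# Values copied from the report header above (sha512 shortened to the same
# string the page prints, so it compares correctly).
REPORT_HASHES = {
    "md5": "e2616dae4836fc6e4cf181a9f06730de",
    "sha1": "65de9fa11e5bdd2f0f1d71d09844b950c8fd010b",
    "sha256": "50f5f208658f807fafe8462b0bb538d1aa47ead2b497f870a1aaad5f73241fbf",
    "sha512": ("1c45930ff90e87d0d4ced0645b8ed3bd6c11df7f14043c5281afb92736261c2f"
               "2eac34c80c6b1860b2841d9165c3e16be6027e8dd749171ce815a0aa8bcbfcd5"),
}
REPORT_SSDEEP = ("3072:AQiqldz6bnuKETcDozvr1xWoDImMgP1eNF6Ye+DzQd1Mkv0l3lRKBs:"
                 "ABbuGgxzILH/6Ybw1fI1Rj")

ALGOS = ("md5", "sha1", "sha256", "sha512")


def compute_hashes(data: bytes) -> Dict[str, str]:
    """Hex digests of an in-memory buffer for every algorithm the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Same as compute_hashes, but streamed so large samples do not need to fit in RAM."""
    hashers = {algo: hashlib.new(algo) for algo in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def verify_hashes(data: bytes, expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match result; a single False means you do not have this sample."""
    actual = compute_hashes(data)
    return {algo: actual[algo] == digest.lower() for algo, digest in expected.items()}


def parse_ssdeep(sig: str) -> Tuple[int, str, str]:
    """Split 'blocksize:chunk:double_chunk'. ssdeep block sizes are always 3 * 2**n."""
    block, chunk, double_chunk = sig.split(":", 2)
    bs = int(block)
    base = bs // 3
    if bs % 3 != 0 or base == 0 or base & (base - 1):
        raise ValueError(f"invalid ssdeep block size {bs}")
    return bs, chunk, double_chunk


def ssdeep_comparable(sig_a: str, sig_b: str) -> bool:
    """ssdeep only scores two signatures whose block sizes are equal or differ by one factor of 2;
    anything else compares as 0 before any edit-distance work is done."""
    bs_a = parse_ssdeep(sig_a)[0]
    bs_b = parse_ssdeep(sig_b)[0]
    return bs_a == bs_b or bs_a == 2 * bs_b or bs_b == 2 * bs_a


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-sample>
    digests = hash_file(sys.argv[1])
    for algo in ALGOS:
        status = "OK" if digests[algo] == REPORT_HASHES[algo] else "MISMATCH"
        print(f"{algo:7s} {status}")
    print("ssdeep block size:", parse_ssdeep(REPORT_SSDEEP)[0])
```

The block-size rule is why a fuzzy hash from a report is only useful against files of roughly the same size: a 166KB sample at block size 3072 will never score against a signature computed at 12288, no matter how similar the content is.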

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a Delphi-written loader that abuses legitimate cloud services to download other malware families.

    • ModiLoader Second Stage

    • Deletes itself

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory
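The "UPX packed file" signature above is a static check you can reproduce without running the sample. The following Python is an added example, not the sandbox's own rule: it walks the PE headers (DOS header, PE signature, COFF header, section table) and reports sections named UPX0/UPX1 plus the "UPX!" marker string that stock UPX leaves in the file. `build_pe` constructs a minimal, non-executable PE layout in memory so the check runs offline; on a real sample you would pass the file bytes straight to `upx_indicators`.

```python
import struct
from typing import Dict, List


def pe_section_names(data: bytes) -> List[str]:
    """Return section names from a PE image, raising ValueError on a malformed header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    n_sections = struct.unpack_from("<H", data, pe_off + 6)[0]    # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]     # COFF SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                                # section table follows optional header
    names = []
    for i in range(n_sections):
        off = table + 40 * i                                      # IMAGE_SECTION_HEADER is 40 bytes
        if off + 8 > len(data):
            raise ValueError("section table truncated")
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def upx_indicators(data: bytes) -> Dict[str, object]:
    """Two cheap UPX tells: default section names and the 'UPX!' header marker."""
    names = pe_section_names(data)
    upx_sections = [n for n in names if n.upper().startswith("UPX")]
    marker = b"UPX!" in data
    return {
        "sections": names,
        "upx_sections": upx_sections,
        "upx_marker": marker,
        "packed": bool(upx_sections) or marker,
    }


def build_pe(section_names: List[str], trailer: bytes = b"") -> bytes:
    """Constructed minimal PE32 header layout for testing the parser. Not a loadable binary."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew -> right after DOS header
    opt_size = 0xE0                                               # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    optional = bytes(opt_size)                                    # zero-filled, parser never reads it
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + optional + sections + trailer


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        print(upx_indicators(fh.read()))
```

Both tells are trivially removed by a modified UPX build (renamed sections, patched marker), which is exactly why the sandbox rule mentions "modified UPX". Treat a clean result from this script as "not stock UPX", not as "not packed"; an entropy check on the largest section, or simply the sandbox's dynamic signature, covers the modified case.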

MITRE ATT&CK Enterprise v15

Tasks