Overview

overview

10

Static

static

3

e2732c1049...18.exe

windows7-x64

10

e2732c1049...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e2732c1049ab6ff863ffb541178138f5_JaffaCakes118

  • Size

    903KB

  • Sample

    240915-pb6r7sterq

  • MD5

    e2732c1049ab6ff863ffb541178138f5

  • SHA1

    68346693bea16b19293835cd0ce35bc46a3ec0cd

  • SHA256

    4a8aaa13b9c3e2ff6011f8e3ead2577f7f6cc562114e8fd5bcfd7274c6a4da1f

  • SHA512

    0fd68e9338909ee93d7234e20adc94d90366f6014605f27c122ebb17f4a268947ea215689a9dcbdc0642bbb02ac2c2330c12bbecf32a4f1ed413958984e10afc

  • SSDEEP

    24576:bjC7CQ4huEnfauT6VgRolRC+LWLlfTAc7vR2:HC7CJrffRolRCmWpfjw

Score
10/10
modiloaderbootkitdiscoverypersistencetrojan

Malware Config

Targets

    • Target

      e2732c1049ab6ff863ffb541178138f5_JaffaCakes118

    • Size

      903KB

    • MD5

      e2732c1049ab6ff863ffb541178138f5

    • SHA1

      68346693bea16b19293835cd0ce35bc46a3ec0cd

    • SHA256

      4a8aaa13b9c3e2ff6011f8e3ead2577f7f6cc562114e8fd5bcfd7274c6a4da1f

    • SHA512

      0fd68e9338909ee93d7234e20adc94d90366f6014605f27c122ebb17f4a268947ea215689a9dcbdc0642bbb02ac2c2330c12bbecf32a4f1ed413958984e10afc

    • SSDEEP

      24576:bjC7CQ4huEnfauT6VgRolRC+LWLlfTAc7vR2:HC7CJrffRolRCmWpfjw

    Score
    10/10
    modiloaderbootkitdiscoverypersistencetrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks