General

  • Target

    e33c3749f6940e2e5305a6f0c7144601_JaffaCakes118

  • Size

    647KB

  • Sample

    240915-x7n62azdkq

  • MD5

    e33c3749f6940e2e5305a6f0c7144601

  • SHA1

    9f5fbb635a2f33595acbd8c7fe5b070558be0456

  • SHA256

    f03f5ddc1286147f3c24d573cfe28964b26f0b7504fecedd07f17c237db46921

  • SHA512

    df0b532adc65d4e0087854d44ab73f8bc9c28d2f5cff95ad7381101c1c93f85553faa857e5fc59a5927d6bd0e58638e896a476bf3ec75cf202b60a5f5293abd5

  • SSDEEP

    12288:/BKh71sYrNlC16erJoQlXhiOeuU4K38GQRk9GplArAsaNnXG64TAq3N:UyYrNMdJXhiX4Y8yGppsql0

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks