General

  • Target

    e4254c886f447b8d8eb2dacf9d398f89_JaffaCakes118

  • Size

    26KB

  • Sample

    240916-gqbxdasape

  • MD5

    e4254c886f447b8d8eb2dacf9d398f89

  • SHA1

    6b5be2d89b566adb98c0f2a21d01a10488f4de75

  • SHA256

    82e0523ae4c739abda81cc432b4d5e1eaad6953a3a7443a565a6fda0d3dc941d

  • SHA512

    eb9c63d60d564edd1f9e469ea43d8167132f458721c3a5c76b78674f5250aa1a04ef3e5098cf4eb4a77a2a67a26c39ffe8721073806409a16aa523a2a001c841

  • SSDEEP

    768:l0N3ug4pec809+euT8OWy1JoT0+di6dW4TUyHeY:y5uXecl+e81Z+dYG

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
