Overview

overview

10

Static

static

3

e5322a3971...18.exe

windows7-x64

7

e5322a3971...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e5322a3971443460710e3146f0319aa8_JaffaCakes118

  • Size

    358KB

  • Sample

    240916-vcrybsyerm

  • MD5

    e5322a3971443460710e3146f0319aa8

  • SHA1

    df58a48d6fe4f57a452a426147ea5c51e579f101

  • SHA256

    deb9eab1e0555d91f4c0b8481e53d294e9a12956307250691a18aa7a2f934f4a

  • SHA512

    793c681c41a30cfb19b472b9d79dd21d696aafe0bf6ebed743043787774074b1e2e285ce76c5c2d288156831d76b160d842f7c8fb0115bfb9f5aace13088da55

  • SSDEEP

    6144:hjPei55k0QOqWhQcDtVuteJYMklofTT3zYK8Z3/28ADELSlgilQ9:hK05k0QdYLDWteJYMkl5DZP2tDELUTO9

Score
10/10
modiloaderdiscoverypersistencetrojan

Malware Config

Targets

    • Target

      e5322a3971443460710e3146f0319aa8_JaffaCakes118

    • Size

      358KB

    • MD5

      e5322a3971443460710e3146f0319aa8

    • SHA1

      df58a48d6fe4f57a452a426147ea5c51e579f101

    • SHA256

      deb9eab1e0555d91f4c0b8481e53d294e9a12956307250691a18aa7a2f934f4a

    • SHA512

      793c681c41a30cfb19b472b9d79dd21d696aafe0bf6ebed743043787774074b1e2e285ce76c5c2d288156831d76b160d842f7c8fb0115bfb9f5aace13088da55

    • SSDEEP

      6144:hjPei55k0QOqWhQcDtVuteJYMklofTT3zYK8Z3/28ADELSlgilQ9:hK05k0QdYLDWteJYMkl5DZP2tDELUTO9

    Score
    10/10
    discoverypersistencemodiloadertrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks