General

  • Target

    e6f7a37e7b2e14088e37bcf35d055a59_JaffaCakes118

  • Size

    285KB

  • Sample

    240917-q8b5jawhkq

  • MD5

    e6f7a37e7b2e14088e37bcf35d055a59

  • SHA1

    7122b88dc46bf377da03d8905c13b7ddc890dda7

  • SHA256

    f23e3eabae81ebfdfa4f0767f0c7a67bee3ebc8aabb777287fa88d4569c89c83

  • SHA512

    5adf51e89761e87e8f422e7b089300e5725affb9d9b3777632499d845c5897ffd135a95f0fb8d24d61d2fa31c128521c96717bd3b41d8f95fd191277bf487313

  • SSDEEP

    6144:HeBIAx9vZC8qVoIZ02jTelH98gWNlPTGQQm6agrd:HKVXCT82He8NtTird

Targets

    • Target

      e6f7a37e7b2e14088e37bcf35d055a59_JaffaCakes118

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Deletes itself

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15