Overview

overview

10

Static

static

3

e729dde168...18.exe

windows7-x64

10

e729dde168...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e729dde1686d998ec6543343be4b50a8_JaffaCakes118

  • Size

    601KB

  • Sample

    240917-s8z8ga1ekr

  • MD5

    e729dde1686d998ec6543343be4b50a8

  • SHA1

    83f184f4fe9893cdc2f9fb952716ca0c80507b5a

  • SHA256

    e51643e4363098a8228bce9ee14eeb9439f04f975912d56ae60798706d341fbc

  • SHA512

    913a242c4e515dfa6c5aa5b2a786ad93b68902e3ee8171a65f1489ae31ef09a41c9c93d185ff8c9c30e117f02176c9b411a4e3c0711f275c10b90308756e4dc7

  • SSDEEP

    12288:/oYKUQpZP4KtULKf3I0YhCuF3Z4mxx66W4AIyWToM7wu:/RKUQphNtULKfYDxQmX66WLWTD7wu

Score
10/10
modiloaderdiscoverytrojan

Malware Config

Targets

    • Target

      e729dde1686d998ec6543343be4b50a8_JaffaCakes118

    • Size

      601KB

    • MD5

      e729dde1686d998ec6543343be4b50a8

    • SHA1

      83f184f4fe9893cdc2f9fb952716ca0c80507b5a

    • SHA256

      e51643e4363098a8228bce9ee14eeb9439f04f975912d56ae60798706d341fbc

    • SHA512

      913a242c4e515dfa6c5aa5b2a786ad93b68902e3ee8171a65f1489ae31ef09a41c9c93d185ff8c9c30e117f02176c9b411a4e3c0711f275c10b90308756e4dc7

    • SSDEEP

      12288:/oYKUQpZP4KtULKf3I0YhCuF3Z4mxx66W4AIyWToM7wu:/RKUQphNtULKfYDxQmX66WLWTD7wu

    Score
    10/10
    modiloaderdiscoverytrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks