General

  • Target

    e76f7eb8436be26c4bcb5e66fab4801f_JaffaCakes118

  • Size

    88KB

  • Sample

    240917-wy1yssxekn

  • MD5

    e76f7eb8436be26c4bcb5e66fab4801f

  • SHA1

    036b9590bc39b17220be1d55fed0ae0b0ded05c7

  • SHA256

    8435aca6b29876364e7c633e4572f533fa5446a7605967bfb91153d2c663cf81

  • SHA512

    1d79e5caf475350305d924a4bd9986b94e5bcf950897f027abcd6ab16f3de85163547d6d2784b807d6e627c448f2d4079f7b2b31ee9deea0190a6e24ff8dc111

  • SSDEEP

    1536:/4dnPinKE3likMF/kJUdT53qig6o4lSb9fd+AX4Xu9ySX4:oPinzlxMF/kJaTcig4l4V+U9ySX
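The digests above are what you compare against when a file of the same name turns up in a quarantine or on a share. The following is an added example, not part of the sandbox report: it recomputes the four digests the report lists, returns any mismatch (hex case is ignored, since tools differ), and runs a quick scan for the byte markers UPX leaves in a packed PE. The REPORT_HASHES values are copied from the report; the UPX marker scan is a heuristic, not a PE parser, and the byte string used in testing is constructed.

```python
import hashlib

# Digests exactly as the sandbox report above lists them.
REPORT_HASHES = {
    "md5": "e76f7eb8436be26c4bcb5e66fab4801f",
    "sha1": "036b9590bc39b17220be1d55fed0ae0b0ded05c7",
    "sha256": "8435aca6b29876364e7c633e4572f533fa5446a7605967bfb91153d2c663cf81",
    "sha512": "1d79e5caf475350305d924a4bd9986b94e5bcf950897f027abcd6ab16f3de8516"
              "3547d6d2784b807d6e627c448f2d4079f7b2b31ee9deea0190a6e24ff8dc111",
}

# Strings stock UPX leaves behind: its section names and the "UPX!" header
# marker.  Assumption: a quick heuristic only; a modified UPX may rename them.
UPX_MARKERS = (b"UPX0", b"UPX1", b"UPX!")


def compute_hashes(data: bytes) -> dict:
    """Return the four digests the report lists, as lowercase hex."""
    return {
        name: hashlib.new(name, data).hexdigest()
        for name in ("md5", "sha1", "sha256", "sha512")
    }


def check_hashes(data: bytes, expected: dict) -> dict:
    """Compare every digest in `expected` against `data`.

    Returns {algo: (expected, actual)} for each mismatch.  An empty dict
    means the bytes are the sample the report describes.  Unknown
    algorithm names in `expected` are ignored rather than treated as hits.
    """
    actual = compute_hashes(data)
    return {
        algo: (want, actual[algo])
        for algo, want in expected.items()
        if algo in actual and want.lower() != actual[algo]
    }


def upx_markers_present(data: bytes) -> list:
    """Names of the UPX markers found anywhere in the blob."""
    return [m.decode() for m in UPX_MARKERS if m in data]


def triage(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """One-shot verdict for a blob pulled from disk: does it match the
    report, which digests disagree, how big is it, and does it look UPX-packed."""
    mismatches = check_hashes(data, expected)
    return {
        "matches_report": not mismatches,
        "mismatches": mismatches,
        "size": len(data),
        "upx_markers": upx_markers_present(data),
    }


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        print(triage(fh.read()))
```

Run it as `python triage.py <file>`; a non-empty `mismatches` with a matching filename usually means a repacked or trojanized variant rather than the exact sample, so treat the SSDEEP value from the report as the next comparison, using the ssdeep tooling, which this example does not bundle.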

Malware Config

Targets

    • Target

      e76f7eb8436be26c4bcb5e66fab4801f_JaffaCakes118

    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a Delphi-based loader that abuses legitimate cloud services to download and stage other malware families.

    • ModiLoader Second Stage

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence. A geofenced sample may stay inert when the sandbox locale matches an excluded region; re-run with a different locale before concluding that it does nothing.

    • Deletes itself

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer. A modified UPX often defeats a stock upx -d; if that fails, unpack dynamically by dumping the process at the original entry point.

    • Enumerates processes with tasklist

    • Suspicious use of SetThreadContext

      SetThreadContext on a thread of another process is the classic final step of process hollowing: create a process suspended, write the payload into it, redirect the main thread to the payload, resume.
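Two of the signatures above, tasklist enumeration and self-deletion, are visible in plain process-creation telemetry, which is where a SOC would look for this sample outside the sandbox. The following is an added example, not from the report or the sandbox vendor: it runs two detections over a constructed set of process-creation events shaped like Sysmon Event ID 1 rows. The benign-parent allowlist, the assumption that self-deletion shows up as a cmd.exe child running del against the parent's own image, and the event data (including the Downloads path for the sample) are all constructed for illustration; the report only states that the behaviours occurred, not how.

```python
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    """Minimal process-creation record.  Constructed for this example; the
    fields mirror what a Sysmon Event ID 1 or EDR telemetry row provides."""
    pid: int
    ppid: int
    image: str
    cmdline: str


# Assumption: parents from which tasklist.exe is routine.  Tune per estate.
BENIGN_TASKLIST_PARENTS = {"explorer.exe", "services.exe", "svchost.exe"}

# Captures the .exe path following a 'del' token in a cmd.exe command line.
DEL_TARGET_RE = re.compile(r'\bdel\b.*?"?([^"\s]+\.exe)"?', re.IGNORECASE)


def _basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def find_tasklist_enumeration(events):
    """'Enumerates processes with tasklist': tasklist.exe whose parent is not
    on the benign list.  Returns [(parent image, tasklist command line)]."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        if _basename(e.image) != "tasklist.exe":
            continue
        parent = by_pid.get(e.ppid)
        if parent is not None and _basename(parent.image) not in BENIGN_TASKLIST_PARENTS:
            hits.append((parent.image, e.cmdline))
    return hits


def find_self_deletion(events):
    """'Deletes itself' in the form telemetry most often shows it: a cmd.exe
    child whose del target is the parent's own image (assumed pattern, not the
    report's evidence).  Returns the parent images flagged."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        if _basename(e.image) != "cmd.exe":
            continue
        m = DEL_TARGET_RE.search(e.cmdline)
        parent = by_pid.get(e.ppid)
        if m and parent is not None and _basename(m.group(1)) == _basename(parent.image):
            hits.append(parent.image)
    return hits


def triage_events(events):
    """Both detections over one batch of events."""
    return {
        "tasklist_enumeration": find_tasklist_enumeration(events),
        "self_deletion": find_self_deletion(events),
    }


# Constructed telemetry: the sample spawns tasklist, then removes itself via
# cmd.exe after a ping delay; an unrelated tasklist from Explorer is benign.
SAMPLE_IMAGE = r"C:\Users\victim\Downloads\e76f7eb8436be26c4bcb5e66fab4801f_JaffaCakes118.exe"
SAMPLE_EVENTS = [
    ProcEvent(1000, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(2000, 1000, SAMPLE_IMAGE, f'"{SAMPLE_IMAGE}"'),
    ProcEvent(2100, 2000, r"C:\Windows\System32\tasklist.exe", "tasklist /v"),
    ProcEvent(2200, 2000, r"C:\Windows\System32\cmd.exe",
              f'cmd.exe /c ping 127.0.0.1 -n 3 > nul & del /q "{SAMPLE_IMAGE}"'),
    ProcEvent(3000, 1000, r"C:\Windows\System32\tasklist.exe", "tasklist"),
]

if __name__ == "__main__":
    print(triage_events(SAMPLE_EVENTS))
```

The parent/child join is by PID only, which is enough for a single short capture; on real telemetry key it by PID plus process start time (or the ProcessGuid Sysmon provides), since PIDs are reused.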

MITRE ATT&CK Enterprise v15

Tasks