Overview

overview

10

Static

static

3

e86b24a72d...18.exe

windows7-x64

10

e86b24a72d...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e86b24a72da5180338fd892d5c8499bf_JaffaCakes118

  • Size

    580KB

  • Sample

    240918-f5ndaavcrb

  • MD5

    e86b24a72da5180338fd892d5c8499bf

  • SHA1

    d3c5ede7ca003f3207c7c38a4d9f17384123bb15

  • SHA256

    f99dca4955fdfd823e3f8ac1a52d0af54049322ff286a86f532d1755305d90d1

  • SHA512

    902a6bad0b5458aeba6dd9f5cc256960fb1bacbe9dd80ac9e03f9917df15d464398b72750f1f73dd3fbe05873f20fe71f6dd1be59e31a4213644e8c97ca4afbd

  • SSDEEP

    12288:LZdSC9uA/KLnCQjThsekLsdGotF3Z4mxxBoEtlK+kt9T2M9v:LV9uA/KLzjTaeMsdGKQmXiG4

Score
10/10
modiloaderdiscoverytrojan

Malware Config

Targets

    • Target

      e86b24a72da5180338fd892d5c8499bf_JaffaCakes118

    • Size

      580KB

    • MD5

      e86b24a72da5180338fd892d5c8499bf

    • SHA1

      d3c5ede7ca003f3207c7c38a4d9f17384123bb15

    • SHA256

      f99dca4955fdfd823e3f8ac1a52d0af54049322ff286a86f532d1755305d90d1

    • SHA512

      902a6bad0b5458aeba6dd9f5cc256960fb1bacbe9dd80ac9e03f9917df15d464398b72750f1f73dd3fbe05873f20fe71f6dd1be59e31a4213644e8c97ca4afbd

    • SSDEEP

      12288:LZdSC9uA/KLnCQjThsekLsdGotF3Z4mxxBoEtlK+kt9T2M9v:LV9uA/KLzjTaeMsdGKQmXiG4

    Score
    10/10
    modiloaderdiscoverytrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks