General

  • Target

    e876293a9810ec0ecfc601ea46085bcc_JaffaCakes118

  • Size

    651KB

  • Sample

    240918-gnqmrawekn

  • MD5

    e876293a9810ec0ecfc601ea46085bcc

  • SHA1

    66f49924fcd15d3abcf81fc5d2cf7892a6312cd7

  • SHA256

    4f56bb368527d96479d4e729281dd79ca5a578f07c6e2e1731c9e3a829ebed18

  • SHA512

    f2d0efcf16f3ac8701a1ab8ec1c1a7293ca3017f38fa2328e3a2feed6d18c9361d56c2bbab7c5e9e7ddec0d687e63edf79bc1973cf3d39e631938137d44fa926

  • SSDEEP

    12288:1JT0tLyhfG2VwLkmoJtR1DNeLjctaiEqXOKF3Z4mxxC7sIcOa/Y91TVKFy:1JAtLEG2mImoJiItaij5QmXssINwr4
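
To confirm that a file in hand is the sample this report describes, the following is an added example (not part of the report, and not the sandbox's own tooling) that computes the four listed digests in one pass over the input, compares them with the values above, and parses the SSDEEP signature. The block-size rule in `ssdeep_comparable` is ssdeep's own comparison rule; the function names and the `sys.argv` usage are mine.

```python
import hashlib
import io

# Digests as printed in the General section of the report.
REPORTED = {
    "md5": "e876293a9810ec0ecfc601ea46085bcc",
    "sha1": "66f49924fcd15d3abcf81fc5d2cf7892a6312cd7",
    "sha256": "4f56bb368527d96479d4e729281dd79ca5a578f07c6e2e1731c9e3a829ebed18",
    "sha512": "f2d0efcf16f3ac8701a1ab8ec1c1a7293ca3017f38fa2328e3a2feed6d18c9361d56c2bbab7c5e9e7ddec0d687e63edf79bc1973cf3d39e631938137d44fa926",
}
REPORTED_SSDEEP = "12288:1JT0tLyhfG2VwLkmoJtR1DNeLjctaiEqXOKF3Z4mxxC7sIcOa/Y91TVKFy:1JAtLEG2mImoJiItaij5QmXssINwr4"


def hash_stream(stream, chunk_size=1 << 20):
    """Feed each read of the input to all four hashers, so a large sample is read once."""
    hashers = {alg: hashlib.new(alg) for alg in REPORTED}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def hash_bytes(data: bytes) -> dict:
    return hash_stream(io.BytesIO(data))


def hash_file(path: str) -> dict:
    with open(path, "rb") as f:
        return hash_stream(f)


def verify(actual: dict, expected: dict = REPORTED) -> dict:
    """Per-algorithm match flags. All four digests were taken over the same bytes, so a
    single mismatch means a different file (or a mis-transcribed report), not a weak hash."""
    return {alg: actual.get(alg, "").lower() == digest.lower() for alg, digest in expected.items()}


def parse_ssdeep(signature: str):
    """Split 'blocksize:chunk1:chunk2'. The block size grows with input size, so it is the
    first thing to compare between two signatures."""
    blocksize, first, second = signature.split(":", 2)
    return int(blocksize), first, second


def ssdeep_comparable(sig_a: str, sig_b: str) -> bool:
    """ssdeep scores two signatures only when their block sizes are equal or differ by
    exactly a factor of two; any other pair scores 0 whatever the content, so check this
    before reading a 0 as 'unrelated'."""
    a, b = parse_ssdeep(sig_a)[0], parse_ssdeep(sig_b)[0]
    return a == b or a == 2 * b or b == 2 * a


if __name__ == "__main__":
    import sys
    result = verify(hash_file(sys.argv[1]))
    print("match" if all(result.values()) else f"MISMATCH: {result}")
```

Run it with the path of the file to check; the Size field (651KB) is rounded on the page and is not worth asserting on, the digests are.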

Malware Config

Targets

    • Target

      e876293a9810ec0ecfc601ea46085bcc_JaffaCakes118

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Deletes itself

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
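
The behavioural signatures above are the sandbox's own; as an added example (not the report's or the sandbox's rule set), the following re-implements the six listed behaviours as checks over a constructed event trace of the sample's process tree. The sample path, the dropped-file names and the PIDs are hypothetical; the trace also carries a SetThreadContext call on the caller's own thread, which is common in legitimate code and which the cross-process check deliberately does not flag.

```python
from pathlib import PureWindowsPath

# Hypothetical on-disk path for the sample; the report does not state one.
SAMPLE_IMAGE = r"C:\Users\victim\Desktop\sample.exe"
SYSTEM32 = PureWindowsPath(r"C:\Windows\System32")

# Constructed event trace for the sample's process tree (not output from the
# report's sandbox). ts orders events; pid is the acting process.
EVENTS = [
    {"ts": 1, "pid": 100, "op": "file_read", "path": "C:\\"},   # system drive root: expected, not counted
    {"ts": 2, "pid": 100, "op": "file_read", "path": "D:\\"},
    {"ts": 3, "pid": 100, "op": "file_read", "path": "E:\\"},
    {"ts": 4, "pid": 100, "op": "file_write", "path": r"D:\autorun.inf"},
    {"ts": 5, "pid": 100, "op": "file_write", "path": r"C:\Windows\System32\payload.dll"},
    {"ts": 6, "pid": 100, "op": "file_write", "path": r"C:\Users\victim\AppData\Local\Temp\stage2.exe"},
    {"ts": 7, "pid": 100, "op": "process_create", "path": r"C:\Users\victim\AppData\Local\Temp\stage2.exe", "child_pid": 200},
    {"ts": 8, "pid": 200, "op": "api_call", "api": "SetThreadContext", "target_pid": 200},  # own thread: benign
    {"ts": 9, "pid": 200, "op": "api_call", "api": "SetThreadContext", "target_pid": 300},  # another process
    {"ts": 10, "pid": 200, "op": "file_delete", "path": SAMPLE_IMAGE},
]


def is_volume_root(path: str) -> bool:
    """True for 'D:\\'-style paths: a drive letter with nothing below it."""
    p = PureWindowsPath(path)
    return bool(p.drive) and p == PureWindowsPath(p.anchor)


def enumerates_drives(events, image):
    """Root-directory reads on drives other than C:, as the signature text describes."""
    roots = {PureWindowsPath(e["path"]).drive.upper()
             for e in events if e["op"] == "file_read" and is_volume_root(e["path"])}
    return sorted(roots - {"C:"})


def drops_autorun(events, image):
    """autorun.inf written directly at a volume root (the Autorun spreading pattern)."""
    return [e["path"] for e in events if e["op"] == "file_write"
            and PureWindowsPath(e["path"]).name.lower() == "autorun.inf"
            and is_volume_root(str(PureWindowsPath(e["path"]).parent))]


def executes_dropped(events, image):
    """A process started from a path the tree itself wrote earlier in the trace."""
    dropped, hits = set(), []
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["op"] == "file_write":
            dropped.add(PureWindowsPath(e["path"]))
        elif e["op"] == "process_create" and PureWindowsPath(e["path"]) in dropped:
            hits.append(e["path"])
    return hits


def deletes_itself(events, image):
    """The original sample path deleted by any process in its tree (usually a child,
    since a running image cannot delete its own locked file directly)."""
    return any(e["op"] == "file_delete" and PureWindowsPath(e["path"]) == PureWindowsPath(image)
               for e in events)


def drops_in_system32(events, image):
    return [e["path"] for e in events if e["op"] == "file_write"
            and SYSTEM32 in PureWindowsPath(e["path"]).parents]


def cross_process_set_thread_context(events, image):
    """SetThreadContext aimed at a thread of another process: the primitive used to
    redirect execution in a hollowed or injected process. Calls on the caller's own
    threads are excluded, as they are routine in legitimate software."""
    return [(e["pid"], e["target_pid"]) for e in events
            if e["op"] == "api_call" and e.get("api") == "SetThreadContext"
            and e["target_pid"] != e["pid"]]


SIGNATURES = {
    "Enumerates connected drives": enumerates_drives,
    "Drops autorun.inf file": drops_autorun,
    "Executes dropped EXE": executes_dropped,
    "Deletes itself": deletes_itself,
    "Drops file in System32 directory": drops_in_system32,
    "Suspicious use of SetThreadContext": cross_process_set_thread_context,
}


def triage(events, image=SAMPLE_IMAGE):
    """Signature name -> evidence, for the signatures that fired."""
    return {name: hit for name, fn in SIGNATURES.items() if (hit := fn(events, image))}


if __name__ == "__main__":
    for name, evidence in triage(EVENTS).items():
        print(f"{name}: {evidence}")
```

Each check returns the evidence it matched on rather than a bare boolean, so the output can be pasted into a triage note; path comparisons go through PureWindowsPath so that case and separator differences in the trace do not cause misses.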

MITRE ATT&CK Enterprise v15

Tasks