Overview

overview

10

Static

static

7

ec413a1ed5...18.exe

windows7-x64

10

ec413a1ed5...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ec413a1ed559ebdb952f5e2e7a6205e4_JaffaCakes118

  • Size

    1.6MB

  • Sample

    240919-1pplmasdkb

  • MD5

    ec413a1ed559ebdb952f5e2e7a6205e4

  • SHA1

    465c6c89ee559c82dda441572dfd57fa14a4bc8d

  • SHA256

    c04bad2fbfb7e5edcc3a2d3dd50fa9741fbf2e690886c33ee28ccba67f5db9e7

  • SHA512

    12cbf6c9bdd47c0d151abf0ebc5713a8613ce2a5d51b7553e09d3c2da5bb3082277611bc976ae6933a888778c43534dc18be92716184ddf4449b15eaa090d45c

  • SSDEEP

    24576:fHS2s0Bb0NXd9eeM2jq5VidNGpqkErL2jHegQLfh08p/HGED:fHS5jd9eeMQdNGpj8dB/HGED

Score
10/10
modiloaderdiscoveryevasionpersistencethemidatrojan

Malware Config

Targets

    • Target

      ec413a1ed559ebdb952f5e2e7a6205e4_JaffaCakes118

    • Size

      1.6MB

    • MD5

      ec413a1ed559ebdb952f5e2e7a6205e4

    • SHA1

      465c6c89ee559c82dda441572dfd57fa14a4bc8d

    • SHA256

      c04bad2fbfb7e5edcc3a2d3dd50fa9741fbf2e690886c33ee28ccba67f5db9e7

    • SHA512

      12cbf6c9bdd47c0d151abf0ebc5713a8613ce2a5d51b7553e09d3c2da5bb3082277611bc976ae6933a888778c43534dc18be92716184ddf4449b15eaa090d45c

    • SSDEEP

      24576:fHS2s0Bb0NXd9eeM2jq5VidNGpqkErL2jHegQLfh08p/HGED:fHS5jd9eeMQdNGpj8dB/HGED

    Score
    10/10
    modiloaderdiscoveryevasionpersistencethemidatrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • UAC bypass

      evasiontrojan

    • ModiLoader Second Stage

    • Deletes itself

    • Executes dropped EXE

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks