General

  • Target

    ea79ebe46c3e7d4abd2a52b34515a465_JaffaCakes118

  • Size

    543KB

  • Sample

    240919-dp2jvsybjp

  • MD5

    ea79ebe46c3e7d4abd2a52b34515a465

  • SHA1

    a91af76c69f1c21d4bbe294ed216de9e045d6c7f

  • SHA256

    6d711529a2b4ec008bd3714903a958f7cf5868368c3352cab24e73c77f4967a0

  • SHA512

    e2c2d2fc6afce4aa1eecaec45f5b921a3caa0fd363b74f216cfef49880d16499815ca4e39426542d67a75eda00bb26b2d443710e947e8c09401efc7b3691a283

  • SSDEEP

    12288:CyEZ61tI6NHzhzx122gdYlj0Nm3qKeAiT1c2obY7h6UlKWqK40CsiH:CbZ61ttNHzv1fgSd08qKeA8oc7lmghs

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks