General

  • Target

    eaadea7fd5b1de48f0c250f0f551d9f7_JaffaCakes118

  • Size

    418KB

  • Sample

    240919-f85rqstcll

  • MD5

    eaadea7fd5b1de48f0c250f0f551d9f7

  • SHA1

    e92a7ccb76ef2019954e41185a1c904e2aea25e3

  • SHA256

    e5ffec7953bdc23f60b999c0d61551c2e0745e824e36a00c6f6fc5dfd4240b6f

  • SHA512

    0f19d6ab9ed77e97a3e4c3fcd3acafd782a686cc9d5f55711627db1e12bdb9904ca2c5fdd38dcc218c68f78449d828ee41620545af31e2b4856ded5a52499dbe

  • SSDEEP

    6144:tVSdQal6RjoZorLnMyATTgxKiNaq7D4d2w6Tl66uH99QJ6q/Yhoro9E/lWG:tVA6io+TcKwaGU9eLisoSYhuo9rG

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks