General

  • Target

    eabcd64c3865e4ca0d1dcafae1e09af7_JaffaCakes118

  • Size

    405KB

  • Sample

    240919-gynk5svdjm

  • MD5

    eabcd64c3865e4ca0d1dcafae1e09af7

  • SHA1

    ace466e2e647f30f709ac4ebeb60e7b4089a2ead

  • SHA256

    285f5fa32b21225ddcc1da2350a610c6395a51ed5e8dd79b31089c7cd32f9e3a

  • SHA512

    b4aa80e247256a6f5219fadd953d8cb73d660b871e45f2b7417cac14aa088d12483b3edfa8bbe6015b061842a30f046208761d09df2a9aaeb5037eb5c2350284

  • SSDEEP

    6144:sdw6ZYyddSLWuM9w8MOnrjAHlNEsBz7L2293x8f5SoPDk8KFtEDrp9SVUKg93HY:QZdTnF1nqaYz7Rgo86EDlo

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Event Triggered Execution: Image File Execution Options Injection

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL
