General

  • Target

    eb5e1cef9f1061fe36269c9cf5ebcafd_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240919-p2kyeszcrj

  • MD5

    eb5e1cef9f1061fe36269c9cf5ebcafd

  • SHA1

    dd8cefad895946d46c49669cfc74a6f9ea34e238

  • SHA256

    ab69ecfcda49ebace5927a06cc3cd59e5682e81d42db70f42f9e8fc9c92b47b1

  • SHA512

    b451b3ee103f362a8b252a4542accc68c60793336786dd5b914072cd7639f7821fe0ec8d77bdede98a2f8c47b0c228bde8e2e2128db2c7b0a3de0a9a2328625c

  • SSDEEP

    24576:o81qOlr6z97iEZR8CuZrWPxenNjaDcwCHb0hDoFJPSDlaliHqrvNiJtbrGo:o8XozRBP89rWPx2jLwCQhDJm/TotbrGo

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks