Overview

overview

10

Static

static

7

f1e0694e97...18.exe

windows7-x64

10

f1e0694e97...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f1e0694e97655528d715a538caf341d9_JaffaCakes118

  • Size

    200KB

  • Sample

    240922-mzrbbawcmg

  • MD5

    f1e0694e97655528d715a538caf341d9

  • SHA1

    e42232537b51737ea90683c8c68259f6fad5b54d

  • SHA256

    9abfe44d5ec2c64f6da89930bd3a1c98d5b89a073167e38d2c585089cb0d7cf5

  • SHA512

    2421705ffe4a573a323bbbff1ae1672374858c0f867c3f9b7b120523ec7a71489a35e4ab813919d47e77519a67f99a0522e49d8ac98281f1352aa03650ee7c11

  • SSDEEP

    3072:jziLb9wuLsVkfbS7DA96ss5THXwu6JJ2L8T/YVXjA6t+tk1j2UkT8rnH04ofOm:XiLbdLskiA0ssNqJo8T/CjD1KDT8rnxG

Score
10/10
modiloaderdiscoverypersistencetrojanupx

Malware Config

Targets

    • Target

      f1e0694e97655528d715a538caf341d9_JaffaCakes118

    • Size

      200KB

    • MD5

      f1e0694e97655528d715a538caf341d9

    • SHA1

      e42232537b51737ea90683c8c68259f6fad5b54d

    • SHA256

      9abfe44d5ec2c64f6da89930bd3a1c98d5b89a073167e38d2c585089cb0d7cf5

    • SHA512

      2421705ffe4a573a323bbbff1ae1672374858c0f867c3f9b7b120523ec7a71489a35e4ab813919d47e77519a67f99a0522e49d8ac98281f1352aa03650ee7c11

    • SSDEEP

      3072:jziLb9wuLsVkfbS7DA96ss5THXwu6JJ2L8T/YVXjA6t+tk1j2UkT8rnH04ofOm:XiLbdLskiA0ssNqJo8T/CjD1KDT8rnxG

    Score
    10/10
    modiloaderdiscoverypersistencetrojanupx

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks