Overview

overview

10

Static

static

7

f4543934b0...18.exe

windows7-x64

10

f4543934b0...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f4543934b0f2e0c117ba25ca432a1d0c_JaffaCakes118

  • Size

    1.4MB

  • Sample

    240924-xya8tatdjg

  • MD5

    f4543934b0f2e0c117ba25ca432a1d0c

  • SHA1

    dbaa919c9c87a67ffe6a07a605d605406f92036c

  • SHA256

    2b8419cf8356e31779adb6e85ced800f00356aa319ba67d10ce8dca4e308c381

  • SHA512

    df6fb446f3e4bead4fd01b7193106c0c087393af6a7fb196dcfd14bdd0727976a9f0b2e2fc52f307e70148519e21562d049350e08aefc04dc6c767eab355d441

  • SSDEEP

    24576:iwRivqynd9tKAoORe39BwXMhdvRwBEM4TQ8DsiDaCaJZ183LuDd:iwcvBnJLe39fhJsEM4TRSC+SiDd

Score
10/10
modiloaderdiscoveryevasionpersistencethemidatrojan

Malware Config

Targets

    • Target

      f4543934b0f2e0c117ba25ca432a1d0c_JaffaCakes118

    • Size

      1.4MB

    • MD5

      f4543934b0f2e0c117ba25ca432a1d0c

    • SHA1

      dbaa919c9c87a67ffe6a07a605d605406f92036c

    • SHA256

      2b8419cf8356e31779adb6e85ced800f00356aa319ba67d10ce8dca4e308c381

    • SHA512

      df6fb446f3e4bead4fd01b7193106c0c087393af6a7fb196dcfd14bdd0727976a9f0b2e2fc52f307e70148519e21562d049350e08aefc04dc6c767eab355d441

    • SSDEEP

      24576:iwRivqynd9tKAoORe39BwXMhdvRwBEM4TQ8DsiDaCaJZ183LuDd:iwcvBnJLe39fhJsEM4TRSC+SiDd

    Score
    10/10
    modiloaderdiscoveryevasionpersistencethemidatrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • UAC bypass

      evasiontrojan

    • ModiLoader Second Stage

    • Deletes itself

    • Executes dropped EXE

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks