General

  • Target

    f486cf57667a5744f4766845c985b27b_JaffaCakes118

  • Size

    108KB

  • Sample

    240924-z8h3hszane

  • MD5

    f486cf57667a5744f4766845c985b27b

  • SHA1

    f03354122b727edc2d9b59c8088b7ac78594f40f

  • SHA256

    380cba82072d88e4ae81afaac03b8966b7ec926ec0d57efcd658e36bd89e644d

  • SHA512

    df3d4f110567c6a4e511a5d9bfed696d59588fbdd69ffc2bced9782ee982ce6fff31d550540879c4aeeb92e53dcce0af8e97ebb63569b6e70fb7cb1e0d695f18

  • SSDEEP

    768:pC38yHB1LhnAty+w1yV3B2xr1ux02VczZLJ7ZjhNW5OE58H6Vd2KFRhdARI3v24/:pCRHR51au8fCzD8jo88bB3EjV2lT20KP

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext