General

  • Target

    f6760b30fc256e6e923b646c9ddd5909_JaffaCakes118

  • Size

    1.7MB

  • Sample

    240925-vkan1szdlb

  • MD5

    f6760b30fc256e6e923b646c9ddd5909

  • SHA1

    8e1f8f9346dd26911584f78ad6ccf361c24289f9

  • SHA256

    64695ef72a53eee76b6055e025af7fbed11cf9c38a765503d7b8637e416229a2

  • SHA512

    2fedebe7946de24b0b2c6ea24a08e5cec84d9d1758205b5c9b4bb75081b8e5aa3af9d025fb31a7455918214891e3b533c40485944cdd3a997daaa91b1ad88435

  • SSDEEP

    24576:RaIMsNScd/taTkBc2quTRMxtBVrYa4P3g0tY6Sa2jCed51z5m/lru15w17+zh4T8:l3IcDa4c2bTRGBVrv4tM19m9ruIJ+7

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks