Overview

overview

10

Static

static

7

f7a9990baa...18.exe

windows7-x64

10

f7a9990baa...18.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f7a9990baa88cfb1316314b1de432607_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240926-f4g5wasgpg

  • MD5

    f7a9990baa88cfb1316314b1de432607

  • SHA1

    a2f6fe0cf5a71203c940d1c0472c4fc1a697db50

  • SHA256

    46f101ec79548378567eedbbf4c051c6b0d8a44ab04497b5ed763dffb7728172

  • SHA512

    6d71e76999158a04e9148651adde5fbfa2d73ce7c5b620ee651cd7c27f7946c4456e56f8c5a3be92db5b55a1b27b4390fbdf81fdc24acc633855fbcfd8282a4d

  • SSDEEP

    24576:vlxg8Q4wcIRKvtaCWhswZeo/bQ/x7FjaTXSbMEy5J7rQ7ptXzS:vl4JRctJ2bQ/X4XSbMEyxrAS

Score
10/10
modiloaderaspackv2discoveryevasionpersistencethemidatrojan

Malware Config

Targets

    • Target

      f7a9990baa88cfb1316314b1de432607_JaffaCakes118

    • Size

      1.3MB

    • MD5

      f7a9990baa88cfb1316314b1de432607

    • SHA1

      a2f6fe0cf5a71203c940d1c0472c4fc1a697db50

    • SHA256

      46f101ec79548378567eedbbf4c051c6b0d8a44ab04497b5ed763dffb7728172

    • SHA512

      6d71e76999158a04e9148651adde5fbfa2d73ce7c5b620ee651cd7c27f7946c4456e56f8c5a3be92db5b55a1b27b4390fbdf81fdc24acc633855fbcfd8282a4d

    • SSDEEP

      24576:vlxg8Q4wcIRKvtaCWhswZeo/bQ/x7FjaTXSbMEy5J7rQ7ptXzS:vl4JRctJ2bQ/X4XSbMEyxrAS

    Score
    10/10
    modiloaderdiscoveryevasionpersistencethemidatrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • UAC bypass

      evasiontrojan

    • ModiLoader Second Stage

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks