Overview

overview

10

Static

static

7

fa1a73c004...18.exe

windows7-x64

10

fa1a73c004...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fa1a73c0041f9a6dc334a899567ad771_JaffaCakes118

  • Size

    375KB

  • Sample

    240927-kwa4taxeld

  • MD5

    fa1a73c0041f9a6dc334a899567ad771

  • SHA1

    4aab66d23775b7688370311f60ea246cccedd6d4

  • SHA256

    28134c580c384d5d2af223a07d0ff14ab2d507266ac88735935f90cdbe20ee89

  • SHA512

    1b50ea705a9a3fa4235e2175572ac98844c91ec5e4b861925af12b457aee3b9f4296af49f00eeffe14e470a59b0f4221c26e8316e9d4a5be0cc986905d137a1d

  • SSDEEP

    6144:+XSlgD5NZW+Sj9nJ7VzA2zhS7EBFoQ1IvtxXszhTgJrtrAFXz1XGRpv5AaziUh7z:+sgD5Ns+SZnJxe7E12DXsJg1+BzsuaGq

Score
10/10
modiloaderdiscoverypersistencetrojanvmprotect

Malware Config

Targets

    • Target

      fa1a73c0041f9a6dc334a899567ad771_JaffaCakes118

    • Size

      375KB

    • MD5

      fa1a73c0041f9a6dc334a899567ad771

    • SHA1

      4aab66d23775b7688370311f60ea246cccedd6d4

    • SHA256

      28134c580c384d5d2af223a07d0ff14ab2d507266ac88735935f90cdbe20ee89

    • SHA512

      1b50ea705a9a3fa4235e2175572ac98844c91ec5e4b861925af12b457aee3b9f4296af49f00eeffe14e470a59b0f4221c26e8316e9d4a5be0cc986905d137a1d

    • SSDEEP

      6144:+XSlgD5NZW+Sj9nJ7VzA2zhS7EBFoQ1IvtxXszhTgJrtrAFXz1XGRpv5AaziUh7z:+sgD5Ns+SZnJxe7E12DXsJg1+BzsuaGq

    Score
    10/10
    modiloaderdiscoverypersistencetrojanvmprotect

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks