Overview

overview

10

Static

static

3

fac7b90894...18.exe

windows7-x64

10

fac7b90894...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fac7b90894fde41c3ebe28abbd6bcb8f_JaffaCakes118

  • Size

    204KB

  • Sample

    240927-x96tvsvhrq

  • MD5

    fac7b90894fde41c3ebe28abbd6bcb8f

  • SHA1

    10b0ce401b825185645b9c679bf918e5fa2bf9f3

  • SHA256

    30451eef1dcd2c825a752e62e2bc500df6da48b913292b6af382c2d4be795140

  • SHA512

    a42110a18fbb01622b179c210f98f758f76a7129619d607cf0067bee2b80b21990c67a1cd5c4969da4edc3481e727ba9f5e1160e1e4d8a26e5a6f7384ac2cad4

  • SSDEEP

    3072:BJmOMkriMrYy9sdRq8yrC9z8z6arSE2z9suLUSYRJTqDe2TUjQf8WK2BJ:jfZGcSLgC9Innu4JZmB

Score
10/10
modiloaderdiscoverypersistencetrojan

Malware Config

Targets

    • Target

      fac7b90894fde41c3ebe28abbd6bcb8f_JaffaCakes118

    • Size

      204KB

    • MD5

      fac7b90894fde41c3ebe28abbd6bcb8f

    • SHA1

      10b0ce401b825185645b9c679bf918e5fa2bf9f3

    • SHA256

      30451eef1dcd2c825a752e62e2bc500df6da48b913292b6af382c2d4be795140

    • SHA512

      a42110a18fbb01622b179c210f98f758f76a7129619d607cf0067bee2b80b21990c67a1cd5c4969da4edc3481e727ba9f5e1160e1e4d8a26e5a6f7384ac2cad4

    • SSDEEP

      3072:BJmOMkriMrYy9sdRq8yrC9z8z6arSE2z9suLUSYRJTqDe2TUjQf8WK2BJ:jfZGcSLgC9Innu4JZmB

    Score
    10/10
    modiloaderdiscoverypersistencetrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks