General

  • Target

    fadbf7cb04f90eb43900f7327ba5e69c_JaffaCakes118

  • Size

    292KB

  • Sample

    240927-y9s4fazhjf

  • MD5

    fadbf7cb04f90eb43900f7327ba5e69c

  • SHA1

    54e73ac808e6ea34113c8b5331fb16d74fc4f2af

  • SHA256

    041e8fc92dd5dcef95ba5c82203746d36792f56e1ef77cf8f13558eb18fa3d61

  • SHA512

    41807aabbce15f0cef6d43d2066e3fc8f59b7bf71e50da19b7b9957cf48c5b1245c046b058bd287adceafc0344ee3b593d377c7bbeda437ce0b0372dae188969

  • SSDEEP

    6144:hDORJ6TtxmFKEGSvBFaTGMxI2jX1LobQTgzXLu8NRlYp9Nofhw:+OrOvBFh2bFobQQaiMp9NZ

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks