Overview

overview

10

Static

static

3

fd868a85f1...18.exe

windows7-x64

10

fd868a85f1...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fd868a85f1dc17d6930f6e8966b88e4e_JaffaCakes118

  • Size

    415KB

  • Sample

    240929-br74bavalp

  • MD5

    fd868a85f1dc17d6930f6e8966b88e4e

  • SHA1

    34371fccfb34e6b4e176bdea7ee09997e4067b19

  • SHA256

    67995518cf6b26906575d874af6fb1bf9ed3a459088d467cf31ffe2d8c9cba7b

  • SHA512

    49dbd5dd20a7466ee24e3b6b25600528162062b3ae2512f04c24e60c748e55d25449fa5fcc04b3e9eec1bd720991d64afe4ed846082ffc0344fa276695d5edd1

  • SSDEEP

    6144:jqY4CsEJ1VKqJCWGxlVVM1UHjn94oYs0KLVowmVn8n3HvurOTS/p/EMWEhr:NsEJLKqJVGxbVD94oYs0KLVBCe1Eik

Score
10/10
modiloaderdiscoverypersistencetrojan

Malware Config

Targets

    • Target

      fd868a85f1dc17d6930f6e8966b88e4e_JaffaCakes118

    • Size

      415KB

    • MD5

      fd868a85f1dc17d6930f6e8966b88e4e

    • SHA1

      34371fccfb34e6b4e176bdea7ee09997e4067b19

    • SHA256

      67995518cf6b26906575d874af6fb1bf9ed3a459088d467cf31ffe2d8c9cba7b

    • SHA512

      49dbd5dd20a7466ee24e3b6b25600528162062b3ae2512f04c24e60c748e55d25449fa5fcc04b3e9eec1bd720991d64afe4ed846082ffc0344fa276695d5edd1

    • SSDEEP

      6144:jqY4CsEJ1VKqJCWGxlVVM1UHjn94oYs0KLVowmVn8n3HvurOTS/p/EMWEhr:NsEJLKqJVGxbVD94oYs0KLVBCe1Eik

    Score
    10/10
    modiloaderdiscoverypersistencetrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks