General

  • Target

    2e3c524f9073364841ed1e975b49505a_JaffaCakes118

  • Size

    362KB

  • Sample

    241009-ktjm6s1djl

  • MD5

    2e3c524f9073364841ed1e975b49505a

  • SHA1

    78d97397ec489e9024597d9d42af1e26e7830776

  • SHA256

    e25bbcf45ba08953bcdf9183f340ad74321b6608b7b3e101a4feced1aee5090f

  • SHA512

    0606abe72c69cd83038d5860c0a78a4731120f23262d1988a3c8e3eb4cac86991985c36e1dc3a8f640a778902b94c0d1877fd93b721ddedfdb9eb67150437b51

  • SSDEEP

    6144:xOJRPk+CI2DJx+2Ba2OMAwEcydiIpdPLnQJgHTgXfzwvSe85F2m1J:xa3xkJxz82LEdisdPDQjXcejj

Malware Config

Targets

    • Target

      2e3c524f9073364841ed1e975b49505a_JaffaCakes118

    • Size

      362KB

    • MD5

      2e3c524f9073364841ed1e975b49505a

    • SHA1

      78d97397ec489e9024597d9d42af1e26e7830776

    • SHA256

      e25bbcf45ba08953bcdf9183f340ad74321b6608b7b3e101a4feced1aee5090f

    • SHA512

      0606abe72c69cd83038d5860c0a78a4731120f23262d1988a3c8e3eb4cac86991985c36e1dc3a8f640a778902b94c0d1877fd93b721ddedfdb9eb67150437b51

    • SSDEEP

      6144:xOJRPk+CI2DJx+2Ba2OMAwEcydiIpdPLnQJgHTgXfzwvSe85F2m1J:xa3xkJxz82LEdisdPDQjXcejj

    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a Delphi-based loader that abuses legitimate cloud services to download and stage additional malware families.

    • UAC bypass

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check before the payload runs.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled
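As an added example (not taken from the sandbox report or from the loader): the two registry "checks" in the signature list above, reproduced as detection logic run over constructed registry-access events. The key and value names it looks for (`Control Panel\International\Geo\Nation` for the country code and `Policies\System\EnableLUA` for the UAC policy) are my assumption of what those two signatures test; the event lines, process id and tab-separated log format are constructed for the example.

```python
"""Re-derive two registry-based sandbox signatures from constructed access events."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str      # signature name as the report prints it
    key_re: str    # regex over the normalised key path (HKLM\... / HKCU\...)
    value_re: str  # regex over the value name
    note: str


# Assumed key/value pairs behind the two report signatures (not stated on the page).
RULES = [
    Rule("Checks computer location settings",
         r"^HKCU\\Control Panel\\International\\Geo$", r"^Nation$",
         "reads the GeoID country code; a common geofence pre-check"),
    Rule("Checks whether UAC is enabled",
         r"^HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System$",
         r"^EnableLUA$",
         "reads the UAC policy before choosing a bypass path"),
]

# Only read operations count as a "check"; a write to the same key is tampering, not a check.
READ_OPS = {"RegOpenKey", "RegQueryValue", "RegQueryValueEx"}

# Constructed events (pid, operation, key, value), tab-separated. The first line uses the
# NT-native path form many sandboxes log; the SID and pid are made up for the example.
SAMPLE_EVENTS = "\n".join([
    "1234\tRegQueryValue\t\\REGISTRY\\USER\\S-1-5-21-1111111111-2222222222-3333333333-1001"
    "\\Control Panel\\International\\Geo\tNation",
    "1234\tRegQueryValue\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System"
    "\tEnableLUA",
    "1234\tRegQueryValue\tHKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\tProductName",
    "5678\tRegSetValue\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System"
    "\tEnableLUA",
])


def normalize_key(path):
    """Map NT-native and long-form hive names onto HKLM/HKCU so one rule covers both."""
    p = re.sub(r"^\\REGISTRY\\MACHINE", "HKLM", path, flags=re.I)
    # Per-user hive: \REGISTRY\USER\<SID>\... becomes HKCU\...
    p = re.sub(r"^\\REGISTRY\\USER\\S-1-5-21-[\d-]+(?=\\)", "HKCU", p, flags=re.I)
    p = re.sub(r"^HKEY_LOCAL_MACHINE", "HKLM", p, flags=re.I)
    p = re.sub(r"^HKEY_CURRENT_USER", "HKCU", p, flags=re.I)
    return p


def parse_event(line):
    pid, op, key, value = line.rstrip("\n").split("\t")
    return int(pid), op, normalize_key(key), value


def match_events(text):
    """Return (pid, signature, key, value) for every read event that satisfies a rule."""
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, op, key, value = parse_event(line)
        if op not in READ_OPS:
            continue
        for rule in RULES:
            if re.search(rule.key_re, key, re.I) and re.search(rule.value_re, value, re.I):
                hits.append((pid, rule.name, key, value))
    return hits


def triggered_signatures(text):
    """Distinct signature names fired by the event stream, sorted for stable output."""
    return sorted({name for _, name, _, _ in match_events(text)})


if __name__ == "__main__":
    for pid, name, key, value in match_events(SAMPLE_EVENTS):
        print(f"pid {pid}: {name}  <- {key}\\{value}")
    print("signatures:", triggered_signatures(SAMPLE_EVENTS))
```

The benign `ProductName` read and the `RegSetValue` on `EnableLUA` deliberately do not fire: the former matches no rule, and the latter is a write, which is a policy change rather than the "check" these two signatures describe.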

MITRE ATT&CK Enterprise v15

Tasks