Overview

overview

10

Static

static

3

9617921201...18.exe

windows7-x64

10

9617921201...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    961792120119601eaa9ede436b1243cf_JaffaCakes118

  • Size

    499KB

  • Sample

    241124-vqrvgswmhq

  • MD5

    961792120119601eaa9ede436b1243cf

  • SHA1

    bb967e42697cddb247ba06f735761eda805aecb2

  • SHA256

    f41c149c908904ba694a4a45a858df7486e5f073318ce79b3baa994db4f2b051

  • SHA512

    69d3d7dbf55f8f8d8cc2b1edcc0df9d7cebcb71497c85c471fa9996d63c65929af399ca44b060c368a09f34d9f961cdba24f80b6fc989cf1b73abc57447ba8c5

  • SSDEEP

    12288:JxkasXmTNVR+6MrVSA6ZKEgzWhi6MWYki8OPI+RLMqrZ:8E7R+6MxkLuQS3

Score
10/10
modiloaderdiscoveryevasiontrojan

Malware Config

Targets

    • Target

      961792120119601eaa9ede436b1243cf_JaffaCakes118

    • Size

      499KB

    • MD5

      961792120119601eaa9ede436b1243cf

    • SHA1

      bb967e42697cddb247ba06f735761eda805aecb2

    • SHA256

      f41c149c908904ba694a4a45a858df7486e5f073318ce79b3baa994db4f2b051

    • SHA512

      69d3d7dbf55f8f8d8cc2b1edcc0df9d7cebcb71497c85c471fa9996d63c65929af399ca44b060c368a09f34d9f961cdba24f80b6fc989cf1b73abc57447ba8c5

    • SSDEEP

      12288:JxkasXmTNVR+6MrVSA6ZKEgzWhi6MWYki8OPI+RLMqrZ:8E7R+6MxkLuQS3

    Score
    10/10
    modiloaderdiscoveryevasiontrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Modifies security service

      evasion

    • Modiloader family

      modiloader

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Network Share Discovery

      Attempt to gather information on host network.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks