General

  • Target

    9e45273d0a8eabda5ab7f3164a3a0617_JaffaCakes118

  • Size

    180KB

  • Sample

    241125-2ffssszlev

  • MD5

    9e45273d0a8eabda5ab7f3164a3a0617

  • SHA1

    23fbf2b9c15463f248efcbcb4507ac6e2b074784

  • SHA256

    e5a4d90d351834f2fd7e01d3b41859abaca9a87cd65e124e7041aeb368cea024

  • SHA512

    c5f4252a2289423fae2d0d871b3448f553ae802f6028776cd9c0d1f1a2125f94c8dbf11b7edd1904531a8ba2d0f9396d382205813637b21a4d5fb321fd55b135

  • SSDEEP

    3072:ANWN0rOb8eAnG+p2mnciQpHJAcajzAA6U6Cy96uLKoYYl8sm5E3gleSaGr4:ycIqgGa2oYmzSU6v6XYnm5BsGr4

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • ModiLoader Second Stage

    • Deletes itself

    • Executes dropped EXE

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks