Overview

overview

10

Static

static

3

a45e7279c6...18.exe

windows7-x64

10

a45e7279c6...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a45e7279c6934f94b5037d5c0c073293_JaffaCakes118

  • Size

    244KB

  • Sample

    241126-12ay1aslax

  • MD5

    a45e7279c6934f94b5037d5c0c073293

  • SHA1

    7e3e64a3f265b3425fcd050d6c5ea3b9500b0a90

  • SHA256

    61c3796fbba8df931be58bd2cc1a2e52bdce5cd6ff51fa84ef9e9972270af37c

  • SHA512

    f09b4679cafdc550590c1a0f424eb30960447b54b5afcd18bd0082def949326986646e274599be3e6a4f50bbcfc8dfc6466e940c8d1423d77900457bb70b6f4e

  • SSDEEP

    6144:EXr5D7Uefg502lm8dB6/XWCnGddiign0R0B6J:EXtvUig55mEknGPNzR06

Score
10/10
modiloaderdiscoveryevasiontrojan

Malware Config

Targets

    • Target

      a45e7279c6934f94b5037d5c0c073293_JaffaCakes118

    • Size

      244KB

    • MD5

      a45e7279c6934f94b5037d5c0c073293

    • SHA1

      7e3e64a3f265b3425fcd050d6c5ea3b9500b0a90

    • SHA256

      61c3796fbba8df931be58bd2cc1a2e52bdce5cd6ff51fa84ef9e9972270af37c

    • SHA512

      f09b4679cafdc550590c1a0f424eb30960447b54b5afcd18bd0082def949326986646e274599be3e6a4f50bbcfc8dfc6466e940c8d1423d77900457bb70b6f4e

    • SSDEEP

      6144:EXr5D7Uefg502lm8dB6/XWCnGddiign0R0B6J:EXtvUig55mEknGPNzR06

    Score
    10/10
    modiloaderdiscoveryevasiontrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Modiloader family

      modiloader

    • UAC bypass

      evasiontrojan

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks