General

  • Target

    9f2342fd7908bf197c6b0b8838e9aed7_JaffaCakes118

  • Size

    668KB

  • Sample

    241126-b69kpatrcm

  • MD5

    9f2342fd7908bf197c6b0b8838e9aed7

  • SHA1

    14d572f56316a99bbb751fe87948fa292fcee995

  • SHA256

    1e4f92ab6da47a009c181f6902e0317accfbf686f8d8c32c15156b057a82f834

  • SHA512

    49589b7736bacd05f0f6f16442351d94d62b2c5040d90301206ffdc694bb105f8870359c8769051be4d86afaf9e2bb6ad9b9cf20eba0434a9826e3684f2780a4

  • SSDEEP

    12288:TxGgcYEM+/97z3PEXFEcE0wqcxaSGRbF3Z4mxxmDqVTVOCK:8oc7z/wF00wqpSGRbQmXFVTzK

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • ModiLoader Second Stage

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks