Overview

overview

10

Static

static

3

a7d73b32f2...18.exe

windows7-x64

10

a7d73b32f2...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a7d73b32f22b800d2adb52ea155a5889_JaffaCakes118

  • Size

    466KB

  • Sample

    241127-plp77stjey

  • MD5

    a7d73b32f22b800d2adb52ea155a5889

  • SHA1

    359de737484fd3ef23a4bd706ab495c93a885e6b

  • SHA256

    e9749cb629ec782b469f69f8e8c432b203cd61b01a9b6bd28ee62b5e6160a95c

  • SHA512

    e919aaaeb287a9bbaf356b158c729bd9583201966ce3a0dd371962442bc1a9ec2a024e1c3073f2d9dda0db7b60bc1f07eb4a3c7e34c7c58cd4cb19919474f735

  • SSDEEP

    6144:QE1RKZU+ZXCdlcULATXwCgamn8SSb/Jp38+k4e3Dfy3gJkCg2sCIAMRKjCPlduN3:b1QZU+B/UIz9k8SSbR983zGeTs2eU

Score
10/10
modiloaderdiscoveryevasiontrojan

Malware Config

Targets

    • Target

      a7d73b32f22b800d2adb52ea155a5889_JaffaCakes118

    • Size

      466KB

    • MD5

      a7d73b32f22b800d2adb52ea155a5889

    • SHA1

      359de737484fd3ef23a4bd706ab495c93a885e6b

    • SHA256

      e9749cb629ec782b469f69f8e8c432b203cd61b01a9b6bd28ee62b5e6160a95c

    • SHA512

      e919aaaeb287a9bbaf356b158c729bd9583201966ce3a0dd371962442bc1a9ec2a024e1c3073f2d9dda0db7b60bc1f07eb4a3c7e34c7c58cd4cb19919474f735

    • SSDEEP

      6144:QE1RKZU+ZXCdlcULATXwCgamn8SSb/Jp38+k4e3Dfy3gJkCg2sCIAMRKjCPlduN3:b1QZU+B/UIz9k8SSbR983zGeTs2eU

    Score
    10/10
    modiloaderdiscoveryevasiontrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Modiloader family

      modiloader

    • UAC bypass

      evasiontrojan

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks