Overview

overview

10

Static

static

3

b0d2b0ce53...18.exe

windows7-x64

10

b0d2b0ce53...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b0d2b0ce538409816e44e9bb905504c8_JaffaCakes118

  • Size

    285KB

  • Sample

    241129-m5zjwa1rfw

  • MD5

    b0d2b0ce538409816e44e9bb905504c8

  • SHA1

    532a7d66ea9689d6dd7990a5ce821bbcff169a3f

  • SHA256

    755f844127faff618e3aa59c9f5ca5cdf69de6f8a1bd31143656aa378f0b17db

  • SHA512

    8444b61d077da1040a2987b00187bdf02a7b241121ae73debb5828783e4fe7ef0f272705c5352363452669472f00424ecede16fc7ac131e02a3a6557c4e858de

  • SSDEEP

    6144:oH0WTf6p+an7GikE8tCbaro13qNWwTEQSqpaJNFA5AaJqVxR:oUWTf6pFn7Gg8gbP9q4wTEQSQBo

Score
10/10
modiloaderdiscoverytrojan

Malware Config

Targets

    • Target

      b0d2b0ce538409816e44e9bb905504c8_JaffaCakes118

    • Size

      285KB

    • MD5

      b0d2b0ce538409816e44e9bb905504c8

    • SHA1

      532a7d66ea9689d6dd7990a5ce821bbcff169a3f

    • SHA256

      755f844127faff618e3aa59c9f5ca5cdf69de6f8a1bd31143656aa378f0b17db

    • SHA512

      8444b61d077da1040a2987b00187bdf02a7b241121ae73debb5828783e4fe7ef0f272705c5352363452669472f00424ecede16fc7ac131e02a3a6557c4e858de

    • SSDEEP

      6144:oH0WTf6p+an7GikE8tCbaro13qNWwTEQSqpaJNFA5AaJqVxR:oUWTf6pFn7Gg8gbP9q4wTEQSQBo

    Score
    10/10
    modiloaderdiscoverytrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Modiloader family

      modiloader

    • ModiLoader Second Stage

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks