Overview

overview

10

Static

static

3

bad62b9285...18.exe

windows7-x64

10

bad62b9285...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bad62b9285ab844b1b023e65d618bbd9_JaffaCakes118

  • Size

    409KB

  • Sample

    241203-ah8stazmfv

  • MD5

    bad62b9285ab844b1b023e65d618bbd9

  • SHA1

    e04095e1074b8bbe358ccee17239e0e9a8f80342

  • SHA256

    0a258b44d12a5b1303d6e92cff7448b8b5c6d9972c76f0c7fb97fce0a0997bdc

  • SHA512

    fa1dafad2b6780e9ff6fe5512dc77c51488df4d57079a37223f1660b95326c9c952113d6641897f6bafdda670cb2455230393adaee357b633e94c0c0727fed43

  • SSDEEP

    6144:xj8dKd5kxmwgf6954JAs2SEUMIfX2rxJKSRVowzgK8YxFv7yRCfnVBEMWI:bd5kYwgf254Ks/h/2rxJKSRVBUSsa3

Score
10/10
modiloaderdiscoverypersistencetrojan

Malware Config

Targets

    • Target

      bad62b9285ab844b1b023e65d618bbd9_JaffaCakes118

    • Size

      409KB

    • MD5

      bad62b9285ab844b1b023e65d618bbd9

    • SHA1

      e04095e1074b8bbe358ccee17239e0e9a8f80342

    • SHA256

      0a258b44d12a5b1303d6e92cff7448b8b5c6d9972c76f0c7fb97fce0a0997bdc

    • SHA512

      fa1dafad2b6780e9ff6fe5512dc77c51488df4d57079a37223f1660b95326c9c952113d6641897f6bafdda670cb2455230393adaee357b633e94c0c0727fed43

    • SSDEEP

      6144:xj8dKd5kxmwgf6954JAs2SEUMIfX2rxJKSRVowzgK8YxFv7yRCfnVBEMWI:bd5kYwgf254Ks/h/2rxJKSRVBUSsa3

    Score
    10/10
    modiloaderdiscoverypersistencetrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Modiloader family

      modiloader

    • ModiLoader Second Stage

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks