Overview

overview

10

Static

static

3

相片.exe

windows7-x64

10

相片.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d1758c936d697053d715d1d7cd29312e_JaffaCakes118

  • Size

    493KB

  • Sample

    241207-j6x6natpe1

  • MD5

    d1758c936d697053d715d1d7cd29312e

  • SHA1

    846c4523580d030e49d0a3b2f6006ad02f43af71

  • SHA256

    e5138ae557c980247ca6e368e076c9a80fecc7f9783a6511fb73da1d3b0bc979

  • SHA512

    3ee7829c5b3dbfe386491908e9d4e3bf7a3dd03fc571f4ab38307b8f018420eed4dd3779ff71532365dbb194a78bfa0a3dcee78aac0bd7c3cfc20268d5b117ca

  • SSDEEP

    12288:vsWz2ZZE64OxdTjnxIzF74sQufdWrGFu4qwCxO:vs42vE6t1jnUmufdWOudFxO

Score
10/10
modiloaderdiscoverypersistencetrojan

Malware Config

Targets

    • Target

      相片.exe

    • Size

      524KB

    • MD5

      d6166c827c4aa5ce21a4582b59e7f052

    • SHA1

      2506d7594acbbd5cc97a1920d340c72af4785341

    • SHA256

      e507ae41376d6907c5fd3ef83faa70bd8c633321c8270e5ae136c0f8ec1cffba

    • SHA512

      78bfb086babcb5e82425d0ee6eb5796f1d245c39e75d1ffc1cd87432c56c41619cb100319e35dab2505921ab7e928db679e22f55c1dcc4278fba3ba991a16fda

    • SSDEEP

      12288:vJiH3Q0Ir0PHDenmJ9eNIkNj3Q9FVKE1wLlC:vQQPw/qnmiRKBAC

    Score
    10/10
    modiloaderdiscoverypersistencetrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Modiloader family

      modiloader

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks