General

  • Target

    db709ffca16b90369f0feadd92730fec_JaffaCakes118

  • Size

    2.0MB

  • Sample

    241209-zfvwlsvrfl

  • MD5

    db709ffca16b90369f0feadd92730fec

  • SHA1

    167dcea6800303f9ba2fd28d82fdecd3feb2d160

  • SHA256

    77c0e470dfc8b4234cb665773a97b9b98864e993acbac3de284ee474160f556f

  • SHA512

    cfb446da9657ac4615f632133310f1e5fe21fe6e6ea61987be581f122fe4181aa6985626333291f119adedfb76dfbacca1e063879686f3caf3be8e70b4f81bb2

  • SSDEEP

    49152:xdc6IDfhIOnpoDrwQs+bLc4SexDWDwRZuc2qdL3ejAq1n2:xdcLDfhI2sHs871xDWDAZOWajP12

Targets

    • Target

      db709ffca16b90369f0feadd92730fec_JaffaCakes118

    • ModiLoader (also known as DBatLoader)

      ModiLoader is a Delphi-based loader that abuses legitimate cloud services to download and stage additional malware families.

    • ModiLoader family

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing (only running in, or avoiding, certain regions).

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.
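The behaviours listed above can be reproduced as simple detection rules over a sandbox API trace. The block below is an added illustration, not code from the sandbox or from the ModiLoader analysis: it parses a constructed trace (not output from this report) and reports which of the page's signature names fire. The registry paths (`HKCU\Control Panel\International\Geo\Nation` for the geofence lookup, `...\CurrentVersion\Run` for persistence), the `vbc.exe` image behind "Uses the VBS compiler for execution", and the suspended-process / SetThreadContext / ResumeThread sequence behind the SetThreadContext signature are this example's assumptions about what the signatures match on.

```python
"""Toy behavioural signature matcher over a constructed API-call trace.

Trace format (one event per line, constructed for this example):
    <pid> <api> <arguments...>
CreateProcess arguments are "<child pid> <flags> <image path>".
"""
import re

# Constructed trace modelled on the report's signatures; not real sandbox output.
TRACE = r"""
1234 RegOpenKeyEx HKCU\Control Panel\International\Geo
1234 RegQueryValueEx HKCU\Control Panel\International\Geo\Nation
1234 CreateProcess 5678 CREATE_SUSPENDED C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
1234 WriteProcessMemory 5678
1234 SetThreadContext 5678
1234 ResumeThread 5678
1234 RegSetValueEx HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater
"""

# Constructed benign trace: a normal child process, no suspended start, no Run key.
BENIGN_TRACE = r"""
4321 RegQueryValueEx HKCU\Software\Example\Settings\Theme
4321 CreateProcess 8765 0 C:\Windows\System32\notepad.exe
4321 SetThreadContext 8765
"""


def parse_trace(text):
    """Return a list of (pid, api, argument string) tuples in trace order."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split(" ", 2)
        rest = parts[2] if len(parts) > 2 else ""
        events.append((int(parts[0]), parts[1], rest))
    return events


def hollowing_sequence(events):
    """True if one process creates a child suspended, sets its thread context, then resumes it.

    Assumption: this ordered sequence is what the 'Suspicious use of SetThreadContext'
    signature is meant to capture (classic process hollowing / injection pattern).
    """
    suspended, contexted = set(), set()
    for pid, api, arg in events:
        parts = arg.split()
        if not parts:
            continue
        target = (pid, parts[0])
        if api == "CreateProcess" and "CREATE_SUSPENDED" in parts:
            suspended.add(target)
        elif api == "SetThreadContext" and target in suspended:
            contexted.add(target)
        elif api == "ResumeThread" and target in contexted:
            return True
    return False


def match_signatures(events):
    """Return the report's signature names that fire on the trace, in page order."""
    hits = []
    if any(api == "RegQueryValueEx"
           and re.search(r"\\International\\Geo\\Nation$", arg, re.I)
           for _, api, arg in events):
        hits.append("Checks computer location settings")
    if any(api == "CreateProcess"
           and " ".join(arg.split()[2:]).lower().endswith("\\vbc.exe")
           for _, api, arg in events):
        hits.append("Uses the VBS compiler for execution")
    if any(api == "RegSetValueEx"
           and re.search(r"\\CurrentVersion\\Run\\", arg, re.I)
           for _, api, arg in events):
        hits.append("Adds Run key to start application")
    if hollowing_sequence(events):
        hits.append("Suspicious use of SetThreadContext")
    return hits


if __name__ == "__main__":
    for name in match_signatures(parse_trace(TRACE)):
        print("HIT:", name)
```

The SetThreadContext rule deliberately requires the full suspended-create, context-set, resume sequence from the same parent: SetThreadContext on its own is also used by debuggers and some legitimate runtimes, so the ordering is what makes the call suspicious.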
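For the file-level indicators (the hash set in the General section and the "UPX packed file" signature), the following added example, which is not part of the report, shows how a practitioner would confirm a local sample against the published digests and make a quick UPX check by walking the PE section table. The stock UPX section names (`UPX0`, `UPX1`, `UPX2`) and the `UPX!` marker string are this example's assumptions; a modified UPX build may strip both, so a miss here is not proof the file is unpacked. SSDEEP is omitted because it needs a third-party library.

```python
"""Verify a sample against the report's hashes and check for UPX-style section names."""
import hashlib
import struct

# Digests published in the report above.
REPORT_HASHES = {
    "md5": "db709ffca16b90369f0feadd92730fec",
    "sha1": "167dcea6800303f9ba2fd28d82fdecd3feb2d160",
    "sha256": "77c0e470dfc8b4234cb665773a97b9b98864e993acbac3de284ee474160f556f",
    "sha512": "cfb446da9657ac4615f632133310f1e5fe21fe6e6ea61987be581f122fe4181a"
              "a6985626333291f119adedfb76dfbacca1e063879686f3caf3be8e70b4f81bb2",
}

# Assumed packer artefacts: section names written by stock UPX and its header marker.
UPX_SECTION_PREFIX = "UPX"
UPX_MARKER = b"UPX!"


def file_hashes(data):
    """Compute the same digest types the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data):
    """Per-algorithm comparison of a sample's digests against the report."""
    actual = file_hashes(data)
    return {name: actual[name] == expected for name, expected in REPORT_HASHES.items()}


def pe_section_names(data):
    """Walk DOS header -> PE signature -> COFF header -> section table; return section names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4
    # COFF header: Machine(2) NumberOfSections(2) TimeDateStamp(4) PtrSymTab(4)
    #              NumSyms(4) SizeOfOptionalHeader(2) Characteristics(2)
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]
        if len(raw) < 8:
            break  # truncated section table
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data):
    """Heuristic: UPX-named sections or the UPX! marker anywhere in the file."""
    if any(n.upper().startswith(UPX_SECTION_PREFIX) for n in pe_section_names(data)):
        return True
    return UPX_MARKER in data


def build_fake_pe(section_names):
    """Constructed minimal PE image for testing (headers only, not runnable)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read()
    print("hash match:", matches_report(blob))
    print("sections:", pe_section_names(blob))
    print("UPX-like:", looks_upx_packed(blob))
```

Usage: `python check_sample.py <file>`. A full match on all four digests means the local file is the one analysed here; any mismatch means a different build, and the section names then tell you whether to unpack before static analysis.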
