General

  • Target

    ec9fccfebe64320905f445d8f171b814_JaffaCakes118

  • Size

    69KB

  • Sample

    241213-v6v7vawkew

  • MD5

    ec9fccfebe64320905f445d8f171b814

  • SHA1

    11b13044a7461675cbb0d654db20c7d4c960e512

  • SHA256

    437bccd4c34dccdc210dfc53d359df19542597d1db16d66ac89731fe0e5abda3

  • SHA512

    8999be2fe323aa362239ed36775e5c3a3409825d5714d87081e097f3faafcc94dc554309061698a2fbc2120f9737be13675ecc3a372c8e42ce3408b735ba99d4

  • SSDEEP

    1536:ZimpUWPQDaq2qwKacTPceg9k7XXZO+O0IBb7D5:Zi2UEq3nJE5slRQb5

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
