Overview

overview

10

Static

static

7

ec72a64f23...18.exe

windows7-x64

10

ec72a64f23...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ec72a64f239e0642fa4504b08331bf70_JaffaCakes118

  • Size

    637KB

  • Sample

    241213-valcrswndj

  • MD5

    ec72a64f239e0642fa4504b08331bf70

  • SHA1

    a332cbf8bbe4461f84ace55a1eeb8cf148c8998b

  • SHA256

    dc02af71c2e9e957979acd9add4ff5abf8b0c1884413aada5d2c1274fb7ff0a6

  • SHA512

    ff48861c3f275b4f7b25758550d3332c7be7c7bdd9ff214b46dda975ca26f88bc2c416ff9bedb78d5c7c91c11dcdc48b3139dfe1b0311a008e6f2f476d87e0db

  • SSDEEP

    12288:RtvYDjQysEQ01yBDBx+j+75szx5e/R38RxWmFhrRmMq6:RtvYDjHvz1++jdreB8/XbR

Score
10/10
modiloaderaspackv2discoverytrojan

Malware Config

Targets

    • Target

      ec72a64f239e0642fa4504b08331bf70_JaffaCakes118

    • Size

      637KB

    • MD5

      ec72a64f239e0642fa4504b08331bf70

    • SHA1

      a332cbf8bbe4461f84ace55a1eeb8cf148c8998b

    • SHA256

      dc02af71c2e9e957979acd9add4ff5abf8b0c1884413aada5d2c1274fb7ff0a6

    • SHA512

      ff48861c3f275b4f7b25758550d3332c7be7c7bdd9ff214b46dda975ca26f88bc2c416ff9bedb78d5c7c91c11dcdc48b3139dfe1b0311a008e6f2f476d87e0db

    • SSDEEP

      12288:RtvYDjQysEQ01yBDBx+j+75szx5e/R38RxWmFhrRmMq6:RtvYDjHvz1++jdreB8/XbR

    Score
    10/10
    modiloaderaspackv2discoverytrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Modiloader family

      modiloader

    • ModiLoader Second Stage

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks