Overview

overview

10

Static

static

3

f385a4bbae...18.exe

windows7-x64

10

f385a4bbae...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f385a4bbae513cc1dc4bd6f0e20c1697_JaffaCakes118

  • Size

    150KB

  • Sample

    241215-l9frws1khw

  • MD5

    f385a4bbae513cc1dc4bd6f0e20c1697

  • SHA1

    094ffec55b2532a161871bbeafb9302210495d7d

  • SHA256

    c25b7b255bb093cea453412cfb041c75eac5253737a180aecd6646e1ecf0e047

  • SHA512

    02d2fa90198eafe72eb8ce57b668b2a5f9a4f95fe82a6cd3b0b6e4d15d59ef0fee8c724e457cd44241393c18e06c62bd686998e2a04f75d5edc05057b169cd78

  • SSDEEP

    3072:LoAO+7+lAApeQN5/ioqPTYalF0agXgDKNj9C0c17WIxrZG:LoC7tfQN5/inEaMadDKNa1aI5

Score
10/10
modiloaderbootkitdiscoverypersistencetrojan

Malware Config

Targets

    • Target

      f385a4bbae513cc1dc4bd6f0e20c1697_JaffaCakes118

    • Size

      150KB

    • MD5

      f385a4bbae513cc1dc4bd6f0e20c1697

    • SHA1

      094ffec55b2532a161871bbeafb9302210495d7d

    • SHA256

      c25b7b255bb093cea453412cfb041c75eac5253737a180aecd6646e1ecf0e047

    • SHA512

      02d2fa90198eafe72eb8ce57b668b2a5f9a4f95fe82a6cd3b0b6e4d15d59ef0fee8c724e457cd44241393c18e06c62bd686998e2a04f75d5edc05057b169cd78

    • SSDEEP

      3072:LoAO+7+lAApeQN5/ioqPTYalF0agXgDKNj9C0c17WIxrZG:LoC7tfQN5/inEaMadDKNa1aI5

    Score
    10/10
    modiloaderbootkitdiscoverypersistencetrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Modiloader family

      modiloader

    • ModiLoader Second Stage

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks