Overview

overview

10

Static

static

10

fed621783d...18.exe

windows7-x64

10

fed621783d...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fed621783d063c1bacc61cde5b76cc50_JaffaCakes118

  • Size

    692KB

  • Sample

    241219-hc612atmel

  • MD5

    fed621783d063c1bacc61cde5b76cc50

  • SHA1

    710ce1cf44256b7b5395f372a1832a4cfb640922

  • SHA256

    f4f9a6851a811650698188ef108bafb94a40f572758be3baa81cc9057361048a

  • SHA512

    6ff36681bf01a3ea8a4939ef36d4e8f8ab883f41f2ebd2f9ce32e69dcadde40fb7e84b8df7d7a8da4eab5a942abde4fda4bee87fdb9a0356b523820667a7ee7a

  • SSDEEP

    12288:dAltGgozqi5paO0lp9USQVUSyrkA4YZ6J+v5NdTgxWaSTAm:W72eas1USImaYIwPuIaSTJ

Score
10/10
modiloaderdiscoverytrojan

Malware Config

Targets

    • Target

      fed621783d063c1bacc61cde5b76cc50_JaffaCakes118

    • Size

      692KB

    • MD5

      fed621783d063c1bacc61cde5b76cc50

    • SHA1

      710ce1cf44256b7b5395f372a1832a4cfb640922

    • SHA256

      f4f9a6851a811650698188ef108bafb94a40f572758be3baa81cc9057361048a

    • SHA512

      6ff36681bf01a3ea8a4939ef36d4e8f8ab883f41f2ebd2f9ce32e69dcadde40fb7e84b8df7d7a8da4eab5a942abde4fda4bee87fdb9a0356b523820667a7ee7a

    • SSDEEP

      12288:dAltGgozqi5paO0lp9USQVUSyrkA4YZ6J+v5NdTgxWaSTAm:W72eas1USImaYIwPuIaSTJ

    Score
    10/10
    modiloaderdiscoverytrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Modiloader family

      modiloader

    • ModiLoader Second Stage

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks