General

  • Target

    JaffaCakes118_97b888ba6eef4115e5668115f8d48326

  • Size

    172KB

  • Sample

    250329-y4na1atqv4

  • MD5

    97b888ba6eef4115e5668115f8d48326

  • SHA1

    ba9990f6e99b1d71ae1ad3aa613783afb0f9b992

  • SHA256

    085b48df0405c90b8399284f2a85c04756ab3bb03995030974c140217cd9aade

  • SHA512

    cd13e4d89b1debd1dacfcb59fc98cc615adf0fab52a23b070e6bd03eff9a98194666b908fccbc5c49970a7c0d40f89c3830f1ca0cc6b63ba3ad71587cc29ba3a

  • SSDEEP

    3072:P/wOSPfEzlFpyAuf6LpvesIDR/au01ZNs2YV8Jds8+HF:HaWlFpIMIDdau01Y2Yhl

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • ModiLoader Second Stage

    • Deletes itself

    • Executes dropped EXE

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks