General

  • Target

    JaffaCakes118_98425a307e6127b8cfdd89e97464b34c

  • Size

    481KB

  • Sample

    250330-e2jegssly6

  • MD5

    98425a307e6127b8cfdd89e97464b34c

  • SHA1

    5d2d09033cf0a7e2da947422277b73be6c0feabe

  • SHA256

    494136e6c04604c4f69dd6af191cbbf555be4cb359e4febe47ff28bde6b17935

  • SHA512

    7ffc43004be7c74c23bdb99673ec2ef12dc36257e948206046b23e45094c9734aa132675255c2a082fac581961a77804b2616bd7c588ffe9deaf742faa78a5ed

  • SSDEEP

    12288:80kgguy60j/7cRyfOSZ5w9zsYXDg6CIMALp4DtB7Yh3nS0Bt:800Ljo+ZnilC98eMh3S8t

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks