Overview

overview

10

Static

static

3

174c85c315...18.exe

windows7-x64

10

174c85c315...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    174c85c315f791137ba772323832e3a8_JaffaCakes118

  • Size

    684KB

  • Sample

    240627-yhgw4azcmq

  • MD5

    174c85c315f791137ba772323832e3a8

  • SHA1

    51a1a72e1aa3c35872ec6b7f97cc81712e84bbaa

  • SHA256

    e38c0d4a0dc32a7522228bc357288b2a848a85660ae5ee0224162823f6130026

  • SHA512

    8f2510a4356deaca34f8be3c36802368acce2a79dac01645dfcf299e8ded3180ced8c0073cf931ec7200609203f955eaa1ab300eaad01e7a88775ab5fd54d70c

  • SSDEEP

    12288:Ij2w3rk+yiBbhfHTtltLQ8UOYeCytF3Z4mxxdCpde+o1ZUT:IjzFBbhfzrtLx6eCytQmXdCphony

Score
10/10
modiloadertrojan

Malware Config

Targets

    • Target

      174c85c315f791137ba772323832e3a8_JaffaCakes118

    • Size

      684KB

    • MD5

      174c85c315f791137ba772323832e3a8

    • SHA1

      51a1a72e1aa3c35872ec6b7f97cc81712e84bbaa

    • SHA256

      e38c0d4a0dc32a7522228bc357288b2a848a85660ae5ee0224162823f6130026

    • SHA512

      8f2510a4356deaca34f8be3c36802368acce2a79dac01645dfcf299e8ded3180ced8c0073cf931ec7200609203f955eaa1ab300eaad01e7a88775ab5fd54d70c

    • SSDEEP

      12288:Ij2w3rk+yiBbhfHTtltLQ8UOYeCytF3Z4mxxdCpde+o1ZUT:IjzFBbhfzrtLx6eCytQmXdCphony

    Score
    10/10
    modiloadertrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks