Overview

overview

10

Static

static

7

1d01c7f1db...18.exe

windows7-x64

10

1d01c7f1db...18.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1d01c7f1db5381fa6ba01370f6a5d4f4_JaffaCakes118

  • Size

    620KB

  • Sample

    240701-3yaj6sxgpd

  • MD5

    1d01c7f1db5381fa6ba01370f6a5d4f4

  • SHA1

    5e643a32c4fd9c4b0d0c5296aa233ed9a57fc551

  • SHA256

    30577a08cb62130bff90f1739456d47ebdb47e67bf35903cc09c3cce8eeed595

  • SHA512

    10beed2a774eb091c74505cd75bcee1fc0bbb8f6b5ed4ab01f681fb28cc06bcf3834970e44be24ee8af43d57d5104e5a6b37b9ab1331d7d985030469e89ea7bc

  • SSDEEP

    12288:jd0eD4rYgrF9agiCkMKK4ZuKDWNZkpGO0TJUJar:jdxD4t59fDKsb60TJ/

Score
10/10
modiloaderevasionthemidatrojan

Malware Config

Targets

    • Target

      1d01c7f1db5381fa6ba01370f6a5d4f4_JaffaCakes118

    • Size

      620KB

    • MD5

      1d01c7f1db5381fa6ba01370f6a5d4f4

    • SHA1

      5e643a32c4fd9c4b0d0c5296aa233ed9a57fc551

    • SHA256

      30577a08cb62130bff90f1739456d47ebdb47e67bf35903cc09c3cce8eeed595

    • SHA512

      10beed2a774eb091c74505cd75bcee1fc0bbb8f6b5ed4ab01f681fb28cc06bcf3834970e44be24ee8af43d57d5104e5a6b37b9ab1331d7d985030469e89ea7bc

    • SSDEEP

      12288:jd0eD4rYgrF9agiCkMKK4ZuKDWNZkpGO0TJUJar:jdxD4t59fDKsb60TJ/

    Score
    10/10
    modiloaderevasionthemidatrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

1
T1012

Virtualization/Sandbox Evasion

1
T1497

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks