General

  • Target

    1abbb6cb6985c8dce875dc21b7d40c5e_JaffaCakes118

  • Size

    411KB

  • Sample

    240701-k8mclswgqq

  • MD5

    1abbb6cb6985c8dce875dc21b7d40c5e

  • SHA1

    abeb048fe91c6e032a88b87aa82da2bbb1955237

  • SHA256

    26baa4252ae3a62bb4eb2fa35c777637bdc15cc660b40ddc99eac73edc811956

  • SHA512

    f8ec276beb3af41255fb73e803db70af69cf466ad2963a15dad59eefa930694f941afdca7ef03c40c62e7d8110a3e46df640d771431c64e435edb30f4f60bede

  • SSDEEP

    6144:uZ5Thwqalk7grZqE9WRY/HXiKMm5Z96z/Tfs7A9lcFuos8NnhJWmseb612cl9a:yJ7alkMrZqEJi9oQ8icFt7hJWRDQ
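Before working with a local copy of this sample, confirm that it is the same file the report describes. The following is an added example (not part of the report or the sandbox): it streams a file once through MD5, SHA1, SHA256 and SHA512 and compares the result with the digests listed above. The function names and the streaming read are assumptions; the hashes are copied from the General section. SSDEEP is not covered because it needs the separate ssdeep library.

```python
"""Verify a local copy of the sample against the digests listed in this report."""
import hashlib
from typing import Dict, Iterable

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Digests of the parent sample as printed in the report's General section.
REPORT_HASHES: Dict[str, str] = {
    "md5": "1abbb6cb6985c8dce875dc21b7d40c5e",
    "sha1": "abeb048fe91c6e032a88b87aa82da2bbb1955237",
    "sha256": "26baa4252ae3a62bb4eb2fa35c777637bdc15cc660b40ddc99eac73edc811956",
    "sha512": "f8ec276beb3af41255fb73e803db70af69cf466ad2963a15dad59eefa930694f941afdca7ef03c40c62e7d8110a3e46df640d771431c64e435edb30f4f60bede",
}


def digest_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed the data once through all four hashers and return hex digests."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for in-memory data."""
    return digest_chunks([data])


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream the file so large samples are never loaded into memory whole."""
    with open(path, "rb") as fh:
        return digest_chunks(iter(lambda: fh.read(chunk_size), b""))


def compare(computed: Dict[str, str], expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm result; hex digests are compared case-insensitively."""
    return {name: computed.get(name, "").lower() == value.lower()
            for name, value in expected.items()}


def matches_report(computed: Dict[str, str],
                   expected: Dict[str, str] = REPORT_HASHES) -> bool:
    """True only when every listed digest agrees; a single mismatch means a different file."""
    results = compare(computed, expected)
    return bool(results) and all(results.values())


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        digests = digest_file(path)
        verdict = "matches report" if matches_report(digests) else "does NOT match report"
        print(path, verdict, compare(digests, REPORT_HASHES))
```

Run it as `python verify.py <file>`; a file that matches on SHA256 but not on the weaker MD5 or SHA1 has been tampered with or mis-copied, so the script requires all listed digests to agree.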

Malware Config

Targets

    • Target

      403518179/TEXT2HTML13/UConvertClass.pas

    • Size

      24KB

    • MD5

      833a979bd7369a5f85b2cc93ae402d2e

    • SHA1

      37c0630f4009dad9b5590b4206c7bc936413eb05

    • SHA256

      baab79150642f90f837b3230f8cb0f56515e939aa333b838ff92e3a3dcb28b63

    • SHA512

      e384d75d06c794e3da61071694db7e506a077f10f5a5bde7761c37c4efc77ace528c6c5d5634e7a8ced42b88df5c770dd9ecdd1ad1c379a6bf962a4f3fca0e6f

    • SSDEEP

      384:qGQwSA7IA0wG5O11eFfYKeaIhwgGEKVo6BVhp5Xt:qGgA0X8EfYKvIhw+KTVhp5Xt

    Score
    3/10
    • Target

      403518179/TEXT2HTML13/text2html.exe

    • Size

      295KB

    • MD5

      7df17e6f492e779e8b73e04069f06a77

    • SHA1

      2da8d96d604d72ba27c64cd0c5b1dca6fb359a97

    • SHA256

      32410ff3e7b6f2e206aff674135ea3d5b703b4b1be25c78e7c0595c468d27bd2

    • SHA512

      94e51905a30b816695a1930d3190cbcf4818023aa99392908d619460d7dd36d518f2433b46d79883a112a1445d98725cecddf40aebca5ba9e4819d237f552e70

    • SSDEEP

      6144:wl4MI7sUKhMsMHcJQcH7tyytkWIrEBf4eMSB+I0Bs3uJ:8UKGs0+DHMBWIa4aBH0BseJ

    Score
    10/10
    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a Delphi-written loader that abuses legitimate cloud services to download additional malware families.

    • ModiLoader First Stage

    • UPX packed file

      Detects executables packed with UPX, or with a modified build of the UPX open-source packer.
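The packer signature on text2html.exe above combines three static indicators: the section names a stock UPX build writes, the "UPX!" pack-header magic, and the UPX section layout (a first section with no raw data followed by a high-entropy one), which is what still fires when a modified UPX build has renamed its sections. The following is an added example of that check, not the sandbox's own rule: the PE header offsets are the real ones, while the function names, the 7.0 bits/byte threshold and the minimal test PEs built by build_pe() are assumptions.

```python
"""Static UPX check: section names, UPX! magic, and the empty-then-high-entropy section layout."""
import math
import struct
from typing import Dict, List, Tuple

# Section names a stock UPX build writes; modified builds usually rename them,
# so the layout/entropy heuristic below is what still catches those.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> List[Dict[str, object]]:
    """Walk the COFF section table and return name, sizes and raw-data entropy per section."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    (num_sections,) = struct.unpack_from("<H", pe, e_lfanew + 6)   # COFF NumberOfSections
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)      # COFF SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size  # section headers follow the optional header
    sections: List[Dict[str, object]] = []
    for i in range(num_sections):
        name, vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + i * 40)
        raw = pe[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({"name": name.rstrip(b"\0"), "virtual_size": vsize,
                         "raw_size": raw_size, "entropy": shannon_entropy(raw)})
    return sections


def looks_upx_packed(pe: bytes, entropy_threshold: float = 7.0) -> Tuple[bool, List[str]]:
    """Return (verdict, reasons); each reason is an independent indicator."""
    sections = parse_sections(pe)
    reasons: List[str] = []
    found = {s["name"] for s in sections} & UPX_SECTION_NAMES
    if found:
        reasons.append("UPX section names: " + ", ".join(sorted(n.decode() for n in found)))
    if b"UPX!" in pe:
        reasons.append("UPX! pack header magic present")
    if (len(sections) >= 2 and sections[0]["raw_size"] == 0
            and sections[0]["virtual_size"] > 0
            and sections[1]["entropy"] >= entropy_threshold):
        reasons.append("first section has no raw data and the next one is high entropy "
                       f"({sections[1]['entropy']:.2f} bits/byte)")
    return bool(reasons), reasons


def build_pe(specs: List[Tuple[bytes, int, bytes]]) -> bytes:
    """Constructed minimal PE for testing (assumption, not a real sample): DOS header, COFF header
    with no optional header, one section header per (name, virtual_size, raw_bytes), then raw data."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(specs), 0, 0, 0, 0, 0x0102)
    data_start = e_lfanew + 24 + 40 * len(specs)
    headers, data = b"", b""
    for name, vsize, raw in specs:
        raw_ptr = data_start + len(data) if raw else 0
        headers += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, 0x1000,
                               len(raw), raw_ptr, 0, 0, 0, 0, 0x60000020)
        data += raw
    return dos + coff + headers + data


# Constructed inputs: every byte value equally often gives exactly 8.0 bits/byte.
HIGH_ENTROPY = bytes(range(256)) * 16
PACKED = build_pe([(b"UPX0", 0x8000, b""), (b"UPX1", 0x2000, HIGH_ENTROPY), (b".rsrc", 0x200, b"\0" * 64)])
RENAMED = build_pe([(b".text", 0x8000, b""), (b".data", 0x2000, HIGH_ENTROPY)])   # modified UPX style
CLEAN = build_pe([(b".text", 0x1000, b"\x90" * 1024 + b"\xc3"), (b".data", 0x100, b"\0" * 256)])

if __name__ == "__main__":
    for label, pe in (("packed", PACKED), ("renamed", RENAMED), ("clean", CLEAN)):
        print(label, *looks_upx_packed(pe), sep="  ")
```

The layout heuristic is the one worth keeping when triaging: a packer that renames its sections and patches out the "UPX!" string still has to leave the unpacking area as a zero-sized-on-disk section in front of the compressed payload.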

    • Target

      403518179/flashget1.exe

    • Size

      49KB

    • MD5

      6c09ec31b87e8c4c37a571de86cefebb

    • SHA1

      12dbce9f388162a27de2bc757863eac1cc3f3d6b

    • SHA256

      92449ef542dd41fc40c8c9de928588f590694f16e271a18a17d2c5d7c70faed9

    • SHA512

      1a793f975db781544976ee4c236c49a82138824da48e57957b163697e20fab5ba8d1fc79864864451a02a9dc3e4439ca499ff01d603e6fe13bfe7a2938e1d543

    • SSDEEP

      1536:0kh1tUlXu37pA828Nz9uNizpDuD4x/AYxJ:rh1alXu3DF9lzpn/Am

    Score
    7/10
    • Executes dropped EXE

    • Drops file in System32 directory
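The two behavioural signatures on flashget1.exe above are evaluated over the process and file events a sandbox records, not over the file itself. The following is an added example of that evaluation (not the sandbox's own rule logic): one pass over an ordered event trace, where a process image only counts as "dropped" if a monitored process wrote that path earlier in the same trace, and a file write is only a System32 drop when its normalised path sits under C:\Windows\System32. The event schema and the TRACE below are constructed for illustration; the paths in it are not observations from this report.

```python
"""Evaluate 'Executes dropped EXE' and 'Drops file in System32 directory' over an event trace."""
import ntpath
from typing import Dict, Iterable, List

SIG_EXEC_DROPPED = "Executes dropped EXE"
SIG_DROP_SYSTEM32 = "Drops file in System32 directory"

# ntpath works on any host, so Windows paths can be normalised from a Linux analysis box.
SYSTEM32_PREFIX = ntpath.normcase(r"C:\Windows\System32") + "\\"


def norm(path: str) -> str:
    """Lower-case, backslash-only, '..' resolved: the form both signatures compare on."""
    return ntpath.normcase(ntpath.normpath(path))


def evaluate(events: Iterable[Dict[str, object]]) -> Dict[str, List[str]]:
    """Single pass in event order; returns the evidence lines collected per signature."""
    hits: Dict[str, List[str]] = {SIG_EXEC_DROPPED: [], SIG_DROP_SYSTEM32: []}
    written: Dict[str, int] = {}  # normalised path -> pid of the process that wrote it
    for ev in events:
        if ev["event"] == "file_write":
            path = norm(str(ev["path"]))
            written[path] = int(ev["pid"])
            if path.startswith(SYSTEM32_PREFIX):
                hits[SIG_DROP_SYSTEM32].append(f"pid {ev['pid']} wrote {ev['path']}")
        elif ev["event"] == "process_create":
            image = norm(str(ev["image"]))
            if image in written:
                hits[SIG_EXEC_DROPPED].append(
                    f"pid {ev['pid']} started {ev['image']} "
                    f"(written earlier by pid {written[image]})")
    return hits


# Constructed trace (assumption, not from the report): the sample writes a file under
# System32 and a second executable into Temp, then launches that executable.
# cmd.exe is a pre-existing system binary and must not count as dropped.
TRACE: List[Dict[str, object]] = [
    {"event": "process_create", "pid": 1000, "image": r"C:\Users\Admin\AppData\Local\Temp\sample.exe"},
    {"event": "file_write", "pid": 1000, "path": r"C:\Windows\System32\example.dll"},
    {"event": "file_write", "pid": 1000, "path": r"C:\Users\Admin\AppData\Local\Temp\stage2.exe"},
    {"event": "process_create", "pid": 1100, "image": r"C:/Users/ADMIN/AppData/Local/Temp/STAGE2.EXE"},
    {"event": "process_create", "pid": 1200, "image": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for name, evidence in evaluate(TRACE).items():
        print(f"{name}: {'HIT' if evidence else 'no hit'}")
        for line in evidence:
            print("   ", line)
```

Two caveats a practitioner should carry over from the real signatures: the "dropped" check is only as complete as the monitor's file-write coverage (a write made through an unhooked path is invisible), and the System32 prefix here ignores WOW64 redirection and a Windows directory on another drive, both of which a production rule would add as further prefixes.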

MITRE ATT&CK Matrix (ATT&CK v13)

Execution

  • T1059 Command and Scripting Interpreter (1)

    • T1059.007 JavaScript (1)
