Overview

overview

10

Static

static

3

1c1cb093eb...18.exe

windows7-x64

10

1c1cb093eb...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1c1cb093eb075553cd721d9b6caf13c7_JaffaCakes118

  • Size

    577KB

  • Sample

    240701-xfzhpaxdnn

  • MD5

    1c1cb093eb075553cd721d9b6caf13c7

  • SHA1

    3e1bf993c87e5e95c106e76b7347465d69a8c180

  • SHA256

    4079bd3de7b40a60c198c57ecd4879a28f62a6b811eab120f3c95ce6e8dbb081

  • SHA512

    7291c679b7d7fd7253e411125517bbdc0cd446d59842d69c9bd06344612a2021bab93c50fa0c8864935c8bce647d8387987460f0c4ae216627758102aed1222d

  • SSDEEP

    12288:KKDW+/hKrRLZuNg1Q/5OLvH0Aka+F3Z4mxxjQxr3stpUp4vMDbvc2aW:KKDWQg1C/5CvkQmX5tc4vMDTco

Score
10/10
modiloadertrojan

Malware Config

Targets

    • Target

      1c1cb093eb075553cd721d9b6caf13c7_JaffaCakes118

    • Size

      577KB

    • MD5

      1c1cb093eb075553cd721d9b6caf13c7

    • SHA1

      3e1bf993c87e5e95c106e76b7347465d69a8c180

    • SHA256

      4079bd3de7b40a60c198c57ecd4879a28f62a6b811eab120f3c95ce6e8dbb081

    • SHA512

      7291c679b7d7fd7253e411125517bbdc0cd446d59842d69c9bd06344612a2021bab93c50fa0c8864935c8bce647d8387987460f0c4ae216627758102aed1222d

    • SSDEEP

      12288:KKDW+/hKrRLZuNg1Q/5OLvH0Aka+F3Z4mxxjQxr3stpUp4vMDbvc2aW:KKDWQg1C/5CvkQmX5tc4vMDTco

    Score
    10/10
    modiloadertrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks