Overview

overview

10

Static

static

7

1e8c1f3e8d...18.rar

windows7-x64

3

1e8c1f3e8d...18.rar

windows10-2004-x64

3

CrmStar/CrmStar.exe

windows7-x64

10

CrmStar/CrmStar.exe

windows10-2004-x64

10

CrmStar/help.htm

windows7-x64

1

CrmStar/help.htm

windows10-2004-x64

1

CrmStar/index.htm

windows7-x64

1

CrmStar/index.htm

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1e8c1f3e8d0ca7a6fc980c486a7fdf63_JaffaCakes118

  • Size

    672KB

  • Sample

    240702-jswexaxarq

  • MD5

    1e8c1f3e8d0ca7a6fc980c486a7fdf63

  • SHA1

    1cd7c6ec620fcf6918d1451d5c63db335f784e9a

  • SHA256

    fbb7385b196cfe0a7c6058cf93a779f34c95fd2c5fe7dc12852f333c821f2a21

  • SHA512

    32798bbaaae34b73368df6157278ffa854635c851584c704b657546294d95d70ae8685676ef707da588e7c065c5ef8c03f2e99e2a223d4f33215f058a0f84db3

  • SSDEEP

    12288:/EncKrG7o1Snfgnezyi8CRvNK6fDUmAENiytAcAnedKW0PX3aR8n97pzQ9:pgP1qfgnezX8oN73A1exkX3Vn9tzQ9

Score
10/10
modiloaderaspackv2trojan

Malware Config

Targets

    • Target

      1e8c1f3e8d0ca7a6fc980c486a7fdf63_JaffaCakes118

    • Size

      672KB

    • MD5

      1e8c1f3e8d0ca7a6fc980c486a7fdf63

    • SHA1

      1cd7c6ec620fcf6918d1451d5c63db335f784e9a

    • SHA256

      fbb7385b196cfe0a7c6058cf93a779f34c95fd2c5fe7dc12852f333c821f2a21

    • SHA512

      32798bbaaae34b73368df6157278ffa854635c851584c704b657546294d95d70ae8685676ef707da588e7c065c5ef8c03f2e99e2a223d4f33215f058a0f84db3

    • SSDEEP

      12288:/EncKrG7o1Snfgnezyi8CRvNK6fDUmAENiytAcAnedKW0PX3aR8n97pzQ9:pgP1qfgnezX8oN73A1exkX3Vn9tzQ9

    Score
    3/10
    behavioral1behavioral2

    • Target

      CrmStar/CrmStar.exe

    • Size

      599KB

    • MD5

      970c90814b1d3653862b0aca515cf31f

    • SHA1

      a4a30a11336632777f299b678ff251b232ec9ca0

    • SHA256

      35d4a5d6fbdc774b509b242ddd66b2a3d6e814fae5c8eb215843a3eb083fe0a4

    • SHA512

      957a59e1c62d2926cc797129cc7fff5f19ba9e1528f119abc2726fedaa33d1b0998cf412a31586e3333a953497439bce3792108a0b5c929d40d736f73159d8d9

    • SSDEEP

      12288:ST583zy4nHY9/926Z/aBBrSInCS/K5eKhUxD3ZjGELjjBUlXBxz:Te4nHYN9PN9IRicKED31vp2Bxz

    Score
    10/10
    modiloadertrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader First Stage

    behavioral3behavioral4

    • Target

      CrmStar/help.htm

    • Size

      9KB

    • MD5

      5e9d1270e1408d74c53c9d8d86c8168d

    • SHA1

      85ed8616833af86e37fd1102cd3399e3de11ceda

    • SHA256

      93e9623356e156c01ece180c4236d7db4b03866cc919c95b98125b29002ed889

    • SHA512

      3ac0b551d352e5aa5ced06f970e589c8401de6378cda4ba629aed7b82b28ffe2a51df8998f537c7845a0cadaeb1a99715d2ccea2f3e28ef36d049c6b6a122a90

    • SSDEEP

      192:lZG2lZf3nBDDfSskSaLpZVHcK61Q1Ly6lEj1jTRic4cuBeacNHnaVJk24D:lzZf3nlspwVQ1Lh0jO0CJk24D

    Score
    1/10
    behavioral5behavioral6

    • Target

      CrmStar/index.htm

    • Size

      9KB

    • MD5

      5e9d1270e1408d74c53c9d8d86c8168d

    • SHA1

      85ed8616833af86e37fd1102cd3399e3de11ceda

    • SHA256

      93e9623356e156c01ece180c4236d7db4b03866cc919c95b98125b29002ed889

    • SHA512

      3ac0b551d352e5aa5ced06f970e589c8401de6378cda4ba629aed7b82b28ffe2a51df8998f537c7845a0cadaeb1a99715d2ccea2f3e28ef36d049c6b6a122a90

    • SSDEEP

      192:lZG2lZf3nBDDfSskSaLpZVHcK61Q1Ly6lEj1jTRic4cuBeacNHnaVJk24D:lzZf3nlspwVQ1Lh0jO0CJk24D

    Score
    1/10
    behavioral7behavioral8

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks