General
-
Target
ff35523562a0f9ff51ff4c17050b5220_JaffaCakes118
-
Size
281KB
-
Sample
240421-nyscnaah4z
-
MD5
ff35523562a0f9ff51ff4c17050b5220
-
SHA1
0f4ac5ca9cc5b11567140463805ebb5228fac17d
-
SHA256
fb6896e161ffd7a0c0afc2938ce529d0fad598c9fe89f347b137cc37a76f637e
-
SHA512
486814d30f4852694e3a3e22b902431bff5eb0b832554a5e5a27daf3edc04aa71d23925ce571b1ef4c519060db3a5fca13114175e1c33167764351995fce72cb
-
SSDEEP
6144:ZV0jzqVArhFdSEnFYtGtr6PKypSHEKoLMZDZn/m1zBNMGCl6ct:IjSGhFgEnFYtE0KA2EKooZDZn/m1PMnd
Malware Config
Targets
-
-
Target
ff35523562a0f9ff51ff4c17050b5220_JaffaCakes118
-
Size
281KB
-
MD5
ff35523562a0f9ff51ff4c17050b5220
-
SHA1
0f4ac5ca9cc5b11567140463805ebb5228fac17d
-
SHA256
fb6896e161ffd7a0c0afc2938ce529d0fad598c9fe89f347b137cc37a76f637e
-
SHA512
486814d30f4852694e3a3e22b902431bff5eb0b832554a5e5a27daf3edc04aa71d23925ce571b1ef4c519060db3a5fca13114175e1c33167764351995fce72cb
-
SSDEEP
6144:ZV0jzqVArhFdSEnFYtGtr6PKypSHEKoLMZDZn/m1zBNMGCl6ct:IjSGhFgEnFYtE0KA2EKooZDZn/m1PMnd
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-