General

Target: 207c54465d8161ddb06f5d6595e7023c_JaffaCakes118
Size: 2.2MB
Sample: 240507-n1qlvaef4w
MD5: 207c54465d8161ddb06f5d6595e7023c
SHA1: 5814ec88b619a67d0fccc6a08fbdfba4ff9bd734
SHA256: 12ba8fa8d56e5815bba3aec91ad6adad3df7426ac0d5de3cf9be0642a39ea591
SHA512: 95383512484b75795904a24c9f3eecbcffcc439cdc626e2c779c50c9a8b33c14834fe4d2a21b0d36fda5902a83514920b90eebb09b9990edb0736968ff344b65
SSDEEP: 49152:t/X4I+BvbV7oEBSYedAt5j+B4VckZbGjfoWUxmK785VeN8dx9tpRQ75:FoIWj1ZSE3j+BwcWGbohmKI5VA8dFzq5
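As an added example that is not part of the sandbox report, the script below recomputes the digests listed on this page for files on disk and matches them against the report's indicators. It refuses to treat an MD5- or SHA1-only agreement as confirmation when a stronger digest in the same record disagrees, because MD5 and SHA-1 collisions are practical and older feeds sometimes carry the wrong strong hash. The INDICATORS table is copied from this page (the submitted sample and its three Target entries); the file paths and the test data are the reader's own.

```python
"""Match local files against the digests reported for this sample.

Added example; not part of the Triage report. The INDICATORS table is copied from
the report (top-level sample plus the three Target entries); file paths are yours.
"""
import hashlib
import sys

ALGOS = ("md5", "sha1", "sha256", "sha512")
STRENGTH = ("sha512", "sha256", "sha1", "md5")   # strongest first

# Digests copied from the report. MD5/SHA1 are kept only for matching against
# older feeds; a match on those alone is never treated as confirmation.
INDICATORS = {
    "207c54465d8161ddb06f5d6595e7023c_JaffaCakes118 (submitted sample)": {
        "md5": "207c54465d8161ddb06f5d6595e7023c",
        "sha1": "5814ec88b619a67d0fccc6a08fbdfba4ff9bd734",
        "sha256": "12ba8fa8d56e5815bba3aec91ad6adad3df7426ac0d5de3cf9be0642a39ea591",
    },
    "lxspeed.spd (score 1/10)": {
        "md5": "8005750ec63eb5292884ad6183ae2e77",
        "sha1": "c83e31655e271cd9ef5bff62b10f8d51eb3ebf29",
        "sha256": "df9f56c4da160101567b0526845228ee481ee7d2f98391696fa27fe41f8acf15",
    },
    "恋雪系统变速器 1.4 Beta2.exe (score 10/10, ModiLoader/DBatLoader)": {
        "md5": "ed00bbb91cc136de5b56270fe470f0f6",
        "sha1": "b3eac9bd49897ae871a2992368014534a9cd86f0",
        "sha256": "1ea21ca8cbf3ca8e964d8a4a93c91eaf83771e2878bd67dc4cb4721774e6a260",
    },
    "红豆软件站.url (score 1/10)": {
        "md5": "9bfa9879cc1b507b3284c1434ccc0809",
        "sha1": "bf599f67b2f96891dd145c92744d20ee461c6bbe",
        "sha256": "36df540ac0dc58bd209e9f7a722cfe457ee75f5d192c397362ec70d9862019c4",
    },
}


def digest_bytes(data: bytes) -> dict:
    """Compute every algorithm in ALGOS over an in-memory buffer."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream the file once and feed every hasher, so large samples need no extra memory."""
    hashers = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def match_indicators(digests: dict, indicators: dict = INDICATORS) -> dict:
    """Return {indicator name: [algorithms whose digest matched]} for every partial or full hit."""
    hits = {}
    for name, ioc in indicators.items():
        matched = [a for a in ALGOS if a in ioc and ioc[a] == digests[a]]
        if matched:
            hits[name] = matched
    return hits


def classify(digests: dict, indicators: dict = INDICATORS) -> tuple:
    """(name, status): 'confirmed' when the strongest digest the record carries matches,
    'weak-only' when only MD5/SHA1 agree while a stronger digest disagrees, else 'no-match'."""
    result = (None, "no-match")
    for name, ioc in indicators.items():
        strongest = next((a for a in STRENGTH if a in ioc), None)
        if strongest is None:
            continue
        if ioc[strongest] == digests[strongest]:
            return name, "confirmed"
        if any(ioc.get(a) == digests[a] for a in ("md5", "sha1")):
            result = (name, "weak-only")   # collision or a bad record: do not trust
    return result


if __name__ == "__main__":
    for path in sys.argv[1:]:
        name, status = classify(digest_file(path))
        print(f"{path}: {status}" + (f" -> {name}" if name else ""))
```

Run it as `python check_hashes.py <extracted files>`; a `weak-only` result means the record and the file disagree on SHA-256 and the MD5 or SHA-1 agreement should be ignored.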
Behavioral tasks

Every path below sits under the directory 恋雪系统变速器 1.4 Beta2/ (Chinese: "Lianxue System Speed Changer 1.4 Beta2", a system speed-adjustment utility), which indicates the submission was an archive; each extracted file was detonated separately on a Windows 7 and a Windows 10 image. Note that lxspeed.dll is detonated here but has no entry under Targets, while lxspeed.spd has a Targets entry but no behavioral task.

behavioral1: 恋雪系统变速器 1.4 Beta2/lxspeed.dll, resource win7-20240221-en
behavioral2: 恋雪系统变速器 1.4 Beta2/lxspeed.dll, resource win10v2004-20240419-en
behavioral3: 恋雪系统变速器 1.4 Beta2/恋雪系统变速器 1.4 Beta2.exe, resource win7-20240221-en
behavioral4: 恋雪系统变速器 1.4 Beta2/恋雪系统变速器 1.4 Beta2.exe, resource win10v2004-20240419-en
behavioral5: 恋雪系统变速器 1.4 Beta2/红豆软件站.url, resource win7-20231129-en
behavioral6: 恋雪系统变速器 1.4 Beta2/红豆软件站.url, resource win10v2004-20240419-en
Malware Config: none reported.

Targets

Target: 恋雪系统变速器 1.4 Beta2/lxspeed.spd
Size: 103KB
MD5: 8005750ec63eb5292884ad6183ae2e77
SHA1: c83e31655e271cd9ef5bff62b10f8d51eb3ebf29
SHA256: df9f56c4da160101567b0526845228ee481ee7d2f98391696fa27fe41f8acf15
SHA512: febbc6374e9a5c7c9029ccbff2c0ecf448d76927c8d720a4eae513b345d2a3f6de8cf774ae40dcd335af59537666e83ce994ec0adc8b9e8ab4575415e3c3e206
SSDEEP: 3072:75yP416sLgrTWiKc0rUH9rRq/SJIJmECqc2QOeH:czsMH0Yl2QE3zY
Score: 1/10
Signatures: none

Target: 恋雪系统变速器 1.4 Beta2/恋雪系统变速器 1.4 Beta2.exe
Size: 2.2MB
MD5: ed00bbb91cc136de5b56270fe470f0f6
SHA1: b3eac9bd49897ae871a2992368014534a9cd86f0
SHA256: 1ea21ca8cbf3ca8e964d8a4a93c91eaf83771e2878bd67dc4cb4721774e6a260
SHA512: f933d267837ae594852bfc6cf357c11d539cb0b144ecd7d08f582bb0c5c79938ea18433d81480238bb0fc443fc54254212ce2e8a8249fde251adfc7253cb88e5
SSDEEP: 49152:LXeJczfx+OmM7WNQovKIRZLdhS/bety0vYdqG85HedVm1s8:LXccb4dM7WLKIj8Ct1vcqrYa
Score: 10/10
Signatures:
- ModiLoader, DBatLoader: ModiLoader (also tracked as DBatLoader) is a loader written in Delphi; it typically fetches its next stage from public cloud file-hosting services and injects that payload into another process rather than running it as a separate binary.
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext: SetThreadContext is the call used to point a suspended thread at injected code, the hallmark of process hollowing, and fits the injection step of a loader.
Target: 恋雪系统变速器 1.4 Beta2/红豆软件站.url (the name translates to "Hongdou Software Site", a shortcut to a download site)
Size: 105B
MD5: 9bfa9879cc1b507b3284c1434ccc0809
SHA1: bf599f67b2f96891dd145c92744d20ee461c6bbe
SHA256: 36df540ac0dc58bd209e9f7a722cfe457ee75f5d192c397362ec70d9862019c4
SHA512: 8d9163ad64cf2ff73343f378f44b50072dd8cc1cf68e087403b315be36c75e3b53c37c1103237af8e83e5fe773f7820aca1433749111255828175974a397589e
Score: 1/10
Signatures: none
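A .url Internet Shortcut bundled in an archive is worth opening in a text editor before it is double-clicked, because the URL and IconFile fields can point at SMB or WebDAV hosts and make Explorer authenticate outbound. The report does not show the contents of 红豆软件站.url (105 bytes, scored 1/10, nothing flagged), so the parser below is an added example with constructed shortcut bodies, not the real file and not code from the report; the host 203.0.113.5 is a documentation address.

```python
"""Inspect a Windows Internet Shortcut (.url) before opening it.

Added example; not code from the report. The report does not show the contents of
红豆软件站.url, so both shortcut bodies below are constructed to show what a benign
and a hostile .url look like.
"""
import configparser
import re
from urllib.parse import urlsplit

# Constructed sample contents, with the CRLF line endings Windows writes.
BENIGN_URL = "[InternetShortcut]\r\nURL=http://www.example.com/\r\n"
HOSTILE_URL = (
    "[InternetShortcut]\r\n"
    "URL=file://203.0.113.5/share/setup.exe\r\n"
    "IconFile=\\\\203.0.113.5\\share\\icon.ico\r\n"
    "IconIndex=1\r\n"
)

UNC_RE = re.compile(r"^\\\\[^\\]+\\")   # \\host\share...


def parse_url_file(text: str) -> dict:
    """Parse the INI-style body; keys come back lower-cased (url, iconfile, ...)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text.replace("\r\n", "\n"))
    if not cp.has_section("InternetShortcut"):
        raise ValueError("missing [InternetShortcut] section")
    return dict(cp.items("InternetShortcut"))


def assess(fields: dict, allowed_schemes=("http", "https")) -> list:
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    url = fields.get("url", "")
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if UNC_RE.match(url):
        findings.append("URL is a UNC path: Explorer opens it over SMB and attempts NTLM authentication to that host")
    elif scheme not in allowed_schemes:
        findings.append(f"URL scheme {scheme!r} is not in {allowed_schemes}")
    if scheme == "file" and parts.netloc:
        findings.append("file:// URL names a remote host: the target is fetched over SMB/WebDAV and may be an executable")
    if url.lower().rstrip().endswith(".url"):
        findings.append("URL targets another .url file (nested shortcut chain)")
    icon = fields.get("iconfile", "")
    if UNC_RE.match(icon) or icon.lower().startswith("file://"):
        findings.append("IconFile points to a remote host: the icon is fetched, with NTLM authentication, as soon as the file is listed in Explorer")
    return findings


if __name__ == "__main__":
    for label, body in (("benign", BENIGN_URL), ("hostile", HOSTILE_URL)):
        print(label, assess(parse_url_file(body)) or "nothing flagged")
```

The IconFile check matters more than it looks: Explorer resolves the icon when the folder is rendered, so a UNC IconFile leaks the NTLM exchange without the user ever clicking the shortcut.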