General

  • Target

    207c54465d8161ddb06f5d6595e7023c_JaffaCakes118

  • Size

    2.2MB

  • Sample

    240507-n1qlvaef4w

  • MD5

    207c54465d8161ddb06f5d6595e7023c

  • SHA1

    5814ec88b619a67d0fccc6a08fbdfba4ff9bd734

  • SHA256

    12ba8fa8d56e5815bba3aec91ad6adad3df7426ac0d5de3cf9be0642a39ea591

  • SHA512

    95383512484b75795904a24c9f3eecbcffcc439cdc626e2c779c50c9a8b33c14834fe4d2a21b0d36fda5902a83514920b90eebb09b9990edb0736968ff344b65

  • SSDEEP

    49152:t/X4I+BvbV7oEBSYedAt5j+B4VckZbGjfoWUxmK785VeN8dx9tpRQ75:FoIWj1ZSE3j+BwcWGbohmKI5VA8dFzq5

Malware Config

Targets

    • Target

      恋雪系统变速器 1.4 Beta2/lxspeed.spd

    • Size

      103KB

    • MD5

      8005750ec63eb5292884ad6183ae2e77

    • SHA1

      c83e31655e271cd9ef5bff62b10f8d51eb3ebf29

    • SHA256

      df9f56c4da160101567b0526845228ee481ee7d2f98391696fa27fe41f8acf15

    • SHA512

      febbc6374e9a5c7c9029ccbff2c0ecf448d76927c8d720a4eae513b345d2a3f6de8cf774ae40dcd335af59537666e83ce994ec0adc8b9e8ab4575415e3c3e206

    • SSDEEP

      3072:75yP416sLgrTWiKc0rUH9rRq/SJIJmECqc2QOeH:czsMH0Yl2QE3zY

    Score
    1/10
    • Target

      恋雪系统变速器 1.4 Beta2/恋雪系统变速器 1.4 Beta2.exe

    • Size

      2.2MB

    • MD5

      ed00bbb91cc136de5b56270fe470f0f6

    • SHA1

      b3eac9bd49897ae871a2992368014534a9cd86f0

    • SHA256

      1ea21ca8cbf3ca8e964d8a4a93c91eaf83771e2878bd67dc4cb4721774e6a260

    • SHA512

      f933d267837ae594852bfc6cf357c11d539cb0b144ecd7d08f582bb0c5c79938ea18433d81480238bb0fc443fc54254212ce2e8a8249fde251adfc7253cb88e5

    • SSDEEP

      49152:LXeJczfx+OmM7WNQovKIRZLdhS/bety0vYdqG85HedVm1s8:LXccb4dM7WLKIj8Ct1vcqrYa

    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a loader written in Delphi that abuses public cloud-storage services to fetch and stage the next-stage malware family it delivers.

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • VMProtect packed file

      Detects executables packed with the commercial VMProtect packer.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
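The two packer hits above are static. The report does not say which byte patterns its rules matched, so the following is an added example (not the sandbox's own rule and not code from this sample) of the simplest check that reproduces both verdict names: walk the PE headers and look for the section names the packers leave behind. It assumes the standard UPX section names (UPX0/UPX1, sometimes UPX2 or "UPX!") and VMProtect's .vmp0/.vmp1/.vmp2; a packer build with renamed sections will evade it, which is why the parser raises on malformed input instead of quietly reporting "clean". The build_minimal_pe helper constructs a throwaway header for testing and is not a real executable.

```python
import struct
import sys

# Section-name heuristics for the two packers the report flags. UPX names its
# sections UPX0/UPX1 (sometimes UPX2 or "UPX!"); VMProtect uses .vmp0/.vmp1/.vmp2.
# Assumption: a packer build can rename sections, so a miss here is not a clean bill.
UPX_PREFIX = "UPX"
VMP_PREFIX = ".vmp"


def pe_section_names(data: bytes) -> list[str]:
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return the section names. Raises ValueError on anything that is not a
    well-formed PE, so a truncated or non-PE input is never silently 'clean'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                  # IMAGE_FILE_HEADER, 20 bytes
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                         # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40                             # IMAGE_SECTION_HEADER is 40 bytes, name first 8
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        raw = data[off:off + 8].split(b"\0", 1)[0]
        names.append(raw.decode("latin-1"))
    return names


def detect_packers(data: bytes) -> list[str]:
    """Return the report's signature names that this heuristic would raise."""
    names = pe_section_names(data)
    hits = []
    if any(n.startswith(UPX_PREFIX) for n in names):
        hits.append("UPX packed file")
    if any(n.startswith(VMP_PREFIX) for n in names):
        hits.append("VMProtect packed file")
    return hits


def build_minimal_pe(section_names: list[bytes]) -> bytes:
    """Constructed test image (not a real sample): DOS header, PE signature, a
    COFF header for an i386 PE32 with an all-zero optional header, and a section
    table carrying the given names. Enough for the parser above, not loadable."""
    opt = bytes(0xE0)                                    # SizeOfOptionalHeader for PE32
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x102)
    sections = b"".join(n.ljust(8, b"\0")[:8] + bytes(32) for n in section_names)
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)  # e_lfanew at 0x3C points to 0x40
    return dos + b"PE\0\0" + coff + opt + sections


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            blob = fh.read()
        try:
            print(path, pe_section_names(blob), detect_packers(blob) or ["no packer sections"])
        except ValueError as exc:
            print(path, "skipped:", exc)
```

Run it over the extracted archive contents to see which member carries the packer sections; a file that reports both names, as the .exe target above does, is worth unpacking with UPX first and then checking whether the VMProtect sections belong to the inner binary.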
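The remaining four verdicts (Executes dropped EXE, Loads dropped DLL, Drops file in System32 directory, Suspicious use of SetThreadContext) are behavioural and come from the API trace the sandbox recorded. As an added illustration, not the sandbox's signature engine and not data from this sample, the block below replays a constructed trace in an assumed flat-dict format and raises the same four names. The key design point is ordering state: "dropped" means "written earlier in the same trace", and SetThreadContext is only suspicious when it targets a thread in another process, which together with CreateProcess(CREATE_SUSPENDED), WriteProcessMemory and ResumeThread is the classic hollowing sequence a loader like ModiLoader uses to run its second stage.

```python
import ntpath

CREATE_SUSPENDED = 0x00000004                 # dwCreationFlags bit for CreateProcess
SYSTEM32 = "c:\\windows\\system32\\"

# Constructed API trace in an assumed flat-dict format (one call per record,
# in the order the sandbox would have seen them). Not the sandbox's log format
# and not taken from this sample; it exercises the four behaviours in the report.
SAMPLE_TRACE = [
    {"pid": 1000, "api": "CreateFileW", "path": "C:\\Windows\\System32\\lxhook.dll", "access": "write"},
    {"pid": 1000, "api": "CreateFileW", "path": "C:\\Users\\Public\\stage2.exe", "access": "write"},
    {"pid": 1000, "api": "LoadLibraryW", "path": "C:\\Windows\\System32\\lxhook.dll"},
    {"pid": 1000, "api": "CreateProcessW", "path": "C:\\Users\\Public\\stage2.exe",
     "flags": CREATE_SUSPENDED, "child_pid": 1200},
    {"pid": 1000, "api": "WriteProcessMemory", "target_pid": 1200},
    {"pid": 1000, "api": "SetThreadContext", "target_pid": 1200},
    {"pid": 1000, "api": "ResumeThread", "target_pid": 1200},
]


def norm(path: str) -> str:
    """Case-fold and normalise a Windows path so writes and later uses compare equal."""
    return ntpath.normpath(path).lower()


def evaluate(trace: list[dict]) -> list[str]:
    """Replay the trace once and return the report's behavioural signature
    names it triggers, sorted. State is per call, so 'dropped' strictly means
    'written earlier in this same trace'."""
    dropped: set[str] = set()
    hits: set[str] = set()
    for ev in trace:
        api = ev["api"]
        if api == "CreateFileW" and "write" in ev.get("access", ""):
            p = norm(ev["path"])
            dropped.add(p)
            if p.startswith(SYSTEM32):
                hits.add("Drops file in System32 directory")
        elif api == "CreateProcessW" and norm(ev["path"]) in dropped:
            hits.add("Executes dropped EXE")
        elif api == "LoadLibraryW" and norm(ev["path"]) in dropped:
            hits.add("Loads dropped DLL")
        elif api == "SetThreadContext" and ev.get("target_pid", ev["pid"]) != ev["pid"]:
            # Rewriting a thread context in another process is the hollowing
            # step (entry point redirected into injected code); a debugger is
            # the only common benign caller, which is why the report says
            # "suspicious" rather than "malicious".
            hits.add("Suspicious use of SetThreadContext")
    return sorted(hits)


if __name__ == "__main__":
    for sig in evaluate(SAMPLE_TRACE):
        print(sig)
```

When porting this to real telemetry (Sysmon, EDR API traces), keep the same shape: file-create events feed the dropped set, and process/image-load events are checked against it, so the rule cannot be satisfied by a pre-existing file that merely shares a name.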

    • Target

      恋雪系统变速器 1.4 Beta2/红豆软件站.url

    • Size

      105B

    • MD5

      9bfa9879cc1b507b3284c1434ccc0809

    • SHA1

      bf599f67b2f96891dd145c92744d20ee461c6bbe

    • SHA256

      36df540ac0dc58bd209e9f7a722cfe457ee75f5d192c397362ec70d9862019c4

    • SHA512

      8d9163ad64cf2ff73343f378f44b50072dd8cc1cf68e087403b315be36c75e3b53c37c1103237af8e83e5fe773f7820aca1433749111255828175974a397589e

    Score
    1/10
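The hash blocks above are the report's identifiers for the archive and each of its three members. An added example follows (not the sandbox's code) that embeds those MD5, SHA-1 and SHA-256 values and checks a file against them with all three algorithms at once: a file that matches on every algorithm is the reported artifact, while a file that matches on only one indicates a transcription error in the record or a single-algorithm collision and should be treated as unidentified. SHA-512 is omitted only for brevity and can be added to each entry the same way. The empty-input digests in the test are constructed check values, not sample hashes.

```python
import hashlib
import sys

ALGOS = ("md5", "sha1", "sha256")

# Transcribed from the report above. Keys are the target names as listed there.
REPORT_IOCS = {
    "207c54465d8161ddb06f5d6595e7023c_JaffaCakes118": {
        "md5": "207c54465d8161ddb06f5d6595e7023c",
        "sha1": "5814ec88b619a67d0fccc6a08fbdfba4ff9bd734",
        "sha256": "12ba8fa8d56e5815bba3aec91ad6adad3df7426ac0d5de3cf9be0642a39ea591",
    },
    "恋雪系统变速器 1.4 Beta2/lxspeed.spd": {
        "md5": "8005750ec63eb5292884ad6183ae2e77",
        "sha1": "c83e31655e271cd9ef5bff62b10f8d51eb3ebf29",
        "sha256": "df9f56c4da160101567b0526845228ee481ee7d2f98391696fa27fe41f8acf15",
    },
    "恋雪系统变速器 1.4 Beta2/恋雪系统变速器 1.4 Beta2.exe": {
        "md5": "ed00bbb91cc136de5b56270fe470f0f6",
        "sha1": "b3eac9bd49897ae871a2992368014534a9cd86f0",
        "sha256": "1ea21ca8cbf3ca8e964d8a4a93c91eaf83771e2878bd67dc4cb4721774e6a260",
    },
    "恋雪系统变速器 1.4 Beta2/红豆软件站.url": {
        "md5": "9bfa9879cc1b507b3284c1434ccc0809",
        "sha1": "bf599f67b2f96891dd145c92744d20ee461c6bbe",
        "sha256": "36df540ac0dc58bd209e9f7a722cfe457ee75f5d192c397362ec70d9862019c4",
    },
}


def digest(data: bytes) -> dict:
    """Compute every algorithm in ALGOS over the same bytes in one pass each."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def match(data: bytes, iocs: dict = REPORT_IOCS) -> tuple:
    """Return (target_name, "full") when every algorithm present in the record
    agrees, (target_name, "partial") when only some do, or (None, None).
    A full match wins over any partial one."""
    d = digest(data)
    partial = (None, None)
    for name, ref in iocs.items():
        present = [a for a in ALGOS if a in ref]
        agree = [a for a in present if ref[a].lower() == d[a]]
        if agree and len(agree) == len(present):
            return name, "full"
        if agree:
            partial = (name, "partial")   # one algorithm matched, the others did not
    return partial


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            name, status = match(fh.read())
        print(path, "->", name or "no match", status or "")
```

A "partial" result is the case to stop on: either the record you copied is wrong, or you are looking at a deliberate collision, and neither should be written up as a confirmed match.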

MITRE ATT&CK Enterprise v15
