General
-
Target
7735c4474b9b25f5a2474f33e92cfa5a_JaffaCakes118
-
Size
798KB
-
Sample
240526-3r6c9sge21
-
MD5
7735c4474b9b25f5a2474f33e92cfa5a
-
SHA1
2726cfc028852c098fc567ce37c99472b4a9978a
-
SHA256
70a17f882746bc26e6857b612292d72779adfcef08dbe07125f510a1f6a00767
-
SHA512
3f1c0be3e9c93a689a5ea53cc250ff2acfea00e3d584392161ad0f9c93ce830c36524c945e76a277938f35282fb10b0eb7bd59e49d1e33330196b4c26e8c2fc1
-
SSDEEP
12288:2TW7lerECtu4aLgbqu6khVc0qI7oe3gP9WDMLMnNTloICn/dD:7perrOUj6k7ZqC30laplcD
Malware Config
Targets
-
-
Target
7735c4474b9b25f5a2474f33e92cfa5a_JaffaCakes118
-
Size
798KB
-
MD5
7735c4474b9b25f5a2474f33e92cfa5a
-
SHA1
2726cfc028852c098fc567ce37c99472b4a9978a
-
SHA256
70a17f882746bc26e6857b612292d72779adfcef08dbe07125f510a1f6a00767
-
SHA512
3f1c0be3e9c93a689a5ea53cc250ff2acfea00e3d584392161ad0f9c93ce830c36524c945e76a277938f35282fb10b0eb7bd59e49d1e33330196b4c26e8c2fc1
-
SSDEEP
12288:2TW7lerECtu4aLgbqu6khVc0qI7oe3gP9WDMLMnNTloICn/dD:7perrOUj6k7ZqC30laplcD
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-