General
Target: 942f2e2a4446cfd70a4244cd223b56c4_JaffaCakes118
Size: 4.9MB
Sample: 240604-khxqnaba3v
MD5: 942f2e2a4446cfd70a4244cd223b56c4
SHA1: 14faf4f53f27c44b504de73a2836b391cc6d2617
SHA256: e9e96bfcecf2f4fdc536cb0e8b1b2a08cb660f4b73a87099deeb7cbf0cb62210
SHA512: a0644fff674365a2a79076647adfec9d58aebe5e58cb9ff1b8392430a7902b1b3731019ffac0a037ddf90f22071529b6f9aac22a3f2ee6a7021ada4960532c00
SSDEEP: 98304:cpEC9dCddyqAbQTnKNaLRiv1vtknr5RdMk8h4aMesIqcdoB+UHaTIU:cpZ9kddhAbyKNxtv2rrdd867erxdoBho

Behavioral task behavioral1: Sample access.dll, Resource win7-20240508-en
Behavioral task behavioral2: Sample access.dll, Resource win10v2004-20240508-en
Behavioral task behavioral3: Sample l2c.exe, Resource win7-20240221-en
Behavioral task behavioral4: Sample l2c.exe, Resource win10v2004-20240508-en
Behavioral task behavioral5: Sample l2cserv.exe, Resource win7-20231129-en
Behavioral task behavioral6: Sample l2cserv.exe, Resource win10v2004-20240226-en
Behavioral task behavioral7: Sample l2net.exe, Resource win7-20240221-en
Behavioral task behavioral8: Sample l2net.exe, Resource win10v2004-20240508-en
Behavioral task behavioral9: Sample l2update.exe, Resource win7-20240221-en
Behavioral task behavioral10: Sample l2update.exe, Resource win10v2004-20240426-en
Behavioral task behavioral11: Sample proc.dll, Resource win7-20240419-en
Behavioral task behavioral12: Sample proc.dll, Resource win10v2004-20240508-en

Malware Config
Targets

Target: access.dat
Size: 52KB
MD5: 68557856c6851353c1578b7cb5b4e71e
SHA1: 53596c8a185143fca8cb3890155369b6495aebad
SHA256: e62eea6b342443b075fe1cedebf2eba82448524197abce17263d2d00cc0aed61
SHA512: f84e7a169c0b52be5d261d2e6c49b030443760b82a3e3437e1281c7f98d46345f8519309471f97dc80aa42d7d18ba4b8e80d07681c48ead0ef26e5732eb3f24b
SSDEEP: 384:BXzN3gJdY59tTulkbETxYJx6y2DfiqoYBUcz837yI4h9lxovS1fJuUIiho38o8OP:BjmwTulXtEOfZBe7kHovsJI38od54
Score: 1/10

Target: l2c.exe
Size: 9.5MB
MD5: de62c328c41a5001cf64d9211d86b521
SHA1: be7ccc7eaf87513a4042572f070fe2d0a400a044
SHA256: fa6689da04dca6a996abc167acfdb85e7b4e16cd70cf24f6e2b0b6f5a80e40a8
SHA512: 1599aac2b0a4a7275f9785832a33e33c08557cbc199d98f9c095e51ca6b1172930a88a848a482de74fa878cb751a2ba07563f24478251191fc64cab4e9f1a25c
SSDEEP: 98304:BmGVKzTGQfyx5BAAYQhN/P732eAbipaQDOZc/nESQ8HzNQo:4GcyxvdGeAboM8HK
Score: 10/10
ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
ModiLoader First Stage
Checks computer location settings: Looks up country code configured in the registry, likely geofence.

Target: l2cserv.exe
Size: 259KB
MD5: 732f7f538e489b35dd7cc423e92734f5
SHA1: 4520009153dfddf4c5c6ba5a0770e7209ecf5ed1
SHA256: ca729340425501bc860d94fea586836205ff2aa5ab8d045a3c14c6b53c80f869
SHA512: 9f09ca5372b304ec693d7ae7965da9729cdd81c6925256a108d82b6e9fdc5396438c0d9d6b49f40cf57671880a098bc2c1d6a0dcdbf89ff7cfe610862cd60995
SSDEEP: 6144:/+XxGlvGkOlsAmNUrwG1xB9Yko6Nv9fJvAcc:/+haO3g+rw8c6NvbYc
Score: 10/10
ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
ModiLoader First Stage

Target: l2net.exe
Size: 248KB
MD5: 2dde664edfcb9c52c0b4d74b5a4f7792
SHA1: 80f34dff2ae3b5e3deaf709f290d4ea1da29815c
SHA256: 7c700c7b2e11ad43127fbce2ca4ed318a17c3d18660f01ac72eb64aa2e61917d
SHA512: a7e539fcf3fdc41934f10061fd194d41e88e7d33346eb9626dda1f0bdd81d9034918284cd30f3c43410209d2abfcaac0c85861155913363d18af39f52ebb0410
SSDEEP: 6144:kiit/rw07BjdFdp7I3so9RfPpEFMq8Qj001S:krt/Rnny8OZEr8yXs
Score: 10/10
ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
ModiLoader First Stage

Target: l2update.exe
Size: 180KB
MD5: 662191bd40429bf0795ac9221ded4d05
SHA1: 58da8cae0266631ee66c6979a2cb52c664cd2bb1
SHA256: 53ff9e6f64b0372aaff6647b6bec6c88dd0d40f95e3faae3c9ad498c161c6345
SHA512: d04b0ccf934fdc02cc3747255403dd516fc8e1f4b970ef80aa6ed8fc415aab66f9465c7659405fb70453389f33419d3dda0791fac747ff59b4ee00d9f724205a
SSDEEP: 3072:0DwoNyALb23QAzrED1DAEFWDTOa5+vL+FFZAJLGsTrnTaY9/PFZGr0u7NKvS8tY:WNyALa3rEtxFZasLG02Ik0KUi
Score: 7/10

Target: proc.dll
Size: 462KB
MD5: 6aac836bde08d9c6fee6c91cc1ac631f
SHA1: b10817a68208bbeb22172afcd40227a35cee4cda
SHA256: f9d9b9d36c6077f75f86343fcd4cddb1dc4965d42c77e19f60e2515f97e7571b
SHA512: d9901d553bdf0acb92ed0b92bd14ec4f9d11e7ffeb534ae4fe664e14bfe917d2434f09e945c07bdc0b4da0dc13cb65829c7f066ee6d87452ba5bbbcdf900a1b4
SSDEEP: 6144:HEKrFfU19u5mbwAKKzqMmrDmM6GBCpBns2OJBCQf3rt63AQ49VYDQxc/D:HEKlGu5mk/KzqMmr91p2ECQfw3CVYHD
Score: 3/10