General
-
Target
02db9a29930c083437c24b715dd2c0d3_JaffaCakes118
-
Size
408KB
-
Sample
240620-e84n1ayhlb
-
MD5
02db9a29930c083437c24b715dd2c0d3
-
SHA1
f914fb1884194ea343367e133cb7c93a918de05c
-
SHA256
c8ba9e912998504246476c6d4f933803e845ecd5aa607fa7ea3c88c944758be4
-
SHA512
e75ed273b4a62bba06c44b6811bbbe24af88a41733000aa0f681fb262ae4418137ede4d4fc14f57178c2a7c9944b924cecc28516ac30b1156974065fb49ea643
-
SSDEEP
6144:FSUq02j+8po8yoaNxx/9K5Upklf2rxJKSRVowzgK8YxFv7yRCfnVBEM:T2j+wo8y7NxZfSl2rxJKSRVBUSsa
Malware Config
Targets
-
-
Target
02db9a29930c083437c24b715dd2c0d3_JaffaCakes118
-
Size
408KB
-
MD5
02db9a29930c083437c24b715dd2c0d3
-
SHA1
f914fb1884194ea343367e133cb7c93a918de05c
-
SHA256
c8ba9e912998504246476c6d4f933803e845ecd5aa607fa7ea3c88c944758be4
-
SHA512
e75ed273b4a62bba06c44b6811bbbe24af88a41733000aa0f681fb262ae4418137ede4d4fc14f57178c2a7c9944b924cecc28516ac30b1156974065fb49ea643
-
SSDEEP
6144:FSUq02j+8po8yoaNxx/9K5Upklf2rxJKSRVowzgK8YxFv7yRCfnVBEM:T2j+wo8y7NxZfSl2rxJKSRVBUSsa
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-