Resubmissions
16/07/2024, 01:18
240716-bpdrpaycmr 10General
-
Target
4c38000f1d86dc12206ed4bb30262c9e_JaffaCakes118
-
Size
573KB
-
Sample
240716-bpdrpaycmr
-
MD5
4c38000f1d86dc12206ed4bb30262c9e
-
SHA1
053a994f4f1b55332d07c114c071eec9dfc01d0c
-
SHA256
1035c80b1f862f789886bd990b135ff1159ea47d4d1c2294bb13c96c3b4cb589
-
SHA512
bbd5e4a1ab99abab7c1fd74bae96a955ce061c05d79ba33052561dde631f4d8b3bf5bf713140bc403816314a8b0c1588934a394d1f9a28babb7bf92cfeb027e3
-
SSDEEP
12288:vy4B8cRfv5+2Lqq1WMtS8GX9sAVyLmg/TvxUPYIR:aXce2LDujELTuYIR
Malware Config
Targets
-
-
Target
4c38000f1d86dc12206ed4bb30262c9e_JaffaCakes118
-
Size
573KB
-
MD5
4c38000f1d86dc12206ed4bb30262c9e
-
SHA1
053a994f4f1b55332d07c114c071eec9dfc01d0c
-
SHA256
1035c80b1f862f789886bd990b135ff1159ea47d4d1c2294bb13c96c3b4cb589
-
SHA512
bbd5e4a1ab99abab7c1fd74bae96a955ce061c05d79ba33052561dde631f4d8b3bf5bf713140bc403816314a8b0c1588934a394d1f9a28babb7bf92cfeb027e3
-
SSDEEP
12288:vy4B8cRfv5+2Lqq1WMtS8GX9sAVyLmg/TvxUPYIR:aXce2LDujELTuYIR
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-