General
-
Target
6345907153d820edf8402066bb70732f_JaffaCakes118
-
Size
674KB
-
Sample
240722-p8jc6szajm
-
MD5
6345907153d820edf8402066bb70732f
-
SHA1
12bfb249f916095a68f621afeff496fb930858c0
-
SHA256
da74061519b19b1653023bec28d65a2153ce7236b8539f417e5831a9a5a908e4
-
SHA512
cf7080e11fb6723f8f162d343d2c26a32e501f55eb1c5c1122d301197d44fe642adb0678807d4f2dffb528eb7b2cd6df431b96443769eb1dee7849e0d630d982
-
SSDEEP
12288:8bm1kmrrI8BMuVZFcghkgHmjRzYEJ3jTfneN8MBuuvNtTird:8bvKI8yuvXuYujLnYBRHTEd
Malware Config
Targets
-
-
Target
6345907153d820edf8402066bb70732f_JaffaCakes118
-
Size
674KB
-
MD5
6345907153d820edf8402066bb70732f
-
SHA1
12bfb249f916095a68f621afeff496fb930858c0
-
SHA256
da74061519b19b1653023bec28d65a2153ce7236b8539f417e5831a9a5a908e4
-
SHA512
cf7080e11fb6723f8f162d343d2c26a32e501f55eb1c5c1122d301197d44fe642adb0678807d4f2dffb528eb7b2cd6df431b96443769eb1dee7849e0d630d982
-
SSDEEP
12288:8bm1kmrrI8BMuVZFcghkgHmjRzYEJ3jTfneN8MBuuvNtTird:8bvKI8yuvXuYujLnYBRHTEd
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-