General
-
Target
672fec09c1e3b1c4371a105f2e1b3cbf_JaffaCakes118
-
Size
628KB
-
Sample
240723-meyjws1cjb
-
MD5
672fec09c1e3b1c4371a105f2e1b3cbf
-
SHA1
51de31e594739df07c7ecbef4b497f6d24ebf753
-
SHA256
220f60a75ba617d6c57a8b640e4546723646b2655ea146b898993d531186c84c
-
SHA512
f799d44bc56010e87fad6ed9029303e4ca3b69c55be4a475bd0030ff26e7959b07ab69ac0dc62b35747e107b31f540c801dd5a2be00de15edf3463739ca56c48
-
SSDEEP
12288:2eX2dhLTl8BBg31g0Owy/HCdhIw54aGNJhhSoRhBjrhIXa061CPQgcwQhFn:xmdxTODgTOwy/HwhR54aiiItaz61CPnc
Malware Config
Targets
-
-
Target
672fec09c1e3b1c4371a105f2e1b3cbf_JaffaCakes118
-
Size
628KB
-
MD5
672fec09c1e3b1c4371a105f2e1b3cbf
-
SHA1
51de31e594739df07c7ecbef4b497f6d24ebf753
-
SHA256
220f60a75ba617d6c57a8b640e4546723646b2655ea146b898993d531186c84c
-
SHA512
f799d44bc56010e87fad6ed9029303e4ca3b69c55be4a475bd0030ff26e7959b07ab69ac0dc62b35747e107b31f540c801dd5a2be00de15edf3463739ca56c48
-
SSDEEP
12288:2eX2dhLTl8BBg31g0Owy/HCdhIw54aGNJhhSoRhBjrhIXa061CPQgcwQhFn:xmdxTODgTOwy/HwhR54aiiItaz61CPnc
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-