General
-
Target
875b73a8bf81357fe56c69e83670be9b_JaffaCakes118
-
Size
385KB
-
Sample
240810-x545gathjp
-
MD5
875b73a8bf81357fe56c69e83670be9b
-
SHA1
6ea5d967f7686b5204ee916a3588fccdfb97378c
-
SHA256
f4c4b877cfd50d92d4b7f389f3270279171ec933dd567c21fd1062c2eb54b013
-
SHA512
1933743925033411a59624906a8633c9e71f3ac1943ec433e7266fa4efbbb68987e9161a7c637fbff3b4468235f68ccf59dc2bff5a3a4b72e7a769996dd599fd
-
SSDEEP
6144:7uJxtmnrvsmUywGwVmPlZZKYBZtdjkpLt2rmJ4KHRLdRTvb3X3yJntEnOMah7:7axtmLsmkIPl7KcJjit2rmiKRHv3SaO
Malware Config
Targets
-
-
Target
875b73a8bf81357fe56c69e83670be9b_JaffaCakes118
-
Size
385KB
-
MD5
875b73a8bf81357fe56c69e83670be9b
-
SHA1
6ea5d967f7686b5204ee916a3588fccdfb97378c
-
SHA256
f4c4b877cfd50d92d4b7f389f3270279171ec933dd567c21fd1062c2eb54b013
-
SHA512
1933743925033411a59624906a8633c9e71f3ac1943ec433e7266fa4efbbb68987e9161a7c637fbff3b4468235f68ccf59dc2bff5a3a4b72e7a769996dd599fd
-
SSDEEP
6144:7uJxtmnrvsmUywGwVmPlZZKYBZtdjkpLt2rmJ4KHRLdRTvb3X3yJntEnOMah7:7axtmLsmkIPl7KcJjit2rmiKRHv3SaO
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modifies WinLogon for persistence
-
ModiLoader Second Stage
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-