General
-
Target
cf8a88872161bfa0fa2515e8d8bc9378_JaffaCakes118
-
Size
369KB
-
Sample
240906-prlrzaxbke
-
MD5
cf8a88872161bfa0fa2515e8d8bc9378
-
SHA1
befda4f9436494a2d1a80269e95978e45ba42873
-
SHA256
8d32699cfcd155b2e76799a69adf1d893197a03684bf8846ac81964d09b529cd
-
SHA512
7cbbf07d844e7a7f5e7cb9717464dfc149cbd992977a315abbe59efcfaa50f67ce4c68382bbad70e831b1bbf2db0823657f0e8509dabb73a2386e76ca41b8b25
-
SSDEEP
6144:Z60s8fAKCc0dM0sUDJAX0InyKsQluQolNl7Tu56dcMM3+kKebrumlW5r/PylRuK:zs8fAKj0C03A0INRErpQ6SbK5x5ryR/
Malware Config
Targets
-
-
Target
cf8a88872161bfa0fa2515e8d8bc9378_JaffaCakes118
-
Size
369KB
-
MD5
cf8a88872161bfa0fa2515e8d8bc9378
-
SHA1
befda4f9436494a2d1a80269e95978e45ba42873
-
SHA256
8d32699cfcd155b2e76799a69adf1d893197a03684bf8846ac81964d09b529cd
-
SHA512
7cbbf07d844e7a7f5e7cb9717464dfc149cbd992977a315abbe59efcfaa50f67ce4c68382bbad70e831b1bbf2db0823657f0e8509dabb73a2386e76ca41b8b25
-
SSDEEP
6144:Z60s8fAKCc0dM0sUDJAX0InyKsQluQolNl7Tu56dcMM3+kKebrumlW5r/PylRuK:zs8fAKj0C03A0INRErpQ6SbK5x5ryR/
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-