General
-
Target
d798661dfdde22b8774121174260f59d_JaffaCakes118
-
Size
125KB
-
Sample
240910-e9976sxckq
-
MD5
d798661dfdde22b8774121174260f59d
-
SHA1
48ef44c897ffc229ff8cee86e8cd8889d870053b
-
SHA256
0378b2966f42f41a709a89197ed3e9fa2f02b30098357d3bd938480097498a76
-
SHA512
df3b92b35cd4e82ffd6fc524e3e7b561682ec683d47ab2c3b4db619f9f6db755a061f725a7a00507e6a86d8e68cb966927950a476e978176c09f2363b7aff2d9
-
SSDEEP
1536:78gEX6YaSd4Psq0PXpmWu79B1ArPUco9FLdS1EAd4kkVIIOQSO3VAlo3cwefM2lP:7graBIpPQMPozgEAQIIOxwxAf
Behavioral task
behavioral1
Sample
d798661dfdde22b8774121174260f59d_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d798661dfdde22b8774121174260f59d_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
d798661dfdde22b8774121174260f59d_JaffaCakes118
-
Score
10/10
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-