General
Target: d8b2b31d90878886e6232e3ac7467463_JaffaCakes118
Size: 225KB
Sample: 240910-v2xvwaxaqb
MD5: d8b2b31d90878886e6232e3ac7467463
SHA1: 7e022e207919095a4c69ac3c9dad24d545d27324
SHA256: fa069b96011c6bcad03b421e86a71acd6f9b53aa4295913844496595b8746f06
SHA512: 2509ccc42409eace6aa53f3106a2c4601f1cc2ced40c00884b4ea7ba059d87c03088e148934bc90d5d9127180a75c68e41a4c054575150bc46860e9bb3ba21d3
SSDEEP: 3072:z8w8p1HxX43fAMVz0kUnIbOkKjIIKCpnhbNwIQZ3/nuGK/aUjxLOASEKB/X98Lie:sH583YIblK0EphBwIM8iU9LTSpa9Q+
Behavioral task: behavioral1
Sample: d8b2b31d90878886e6232e3ac7467463_JaffaCakes118.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: d8b2b31d90878886e6232e3ac7467463_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config

Targets
Target: d8b2b31d90878886e6232e3ac7467463_JaffaCakes118
Size: 225KB
Score: 10/10

Signatures
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Accesses Microsoft Outlook accounts
- Suspicious use of SetThreadContext