General
-
Target
da093f7b426f3ee3a4f95d43b15f5eb1_JaffaCakes118
-
Size
663KB
-
Sample
240911-k8wahstdnd
-
MD5
da093f7b426f3ee3a4f95d43b15f5eb1
-
SHA1
4e4544f2af4f2001b9d1f394e11aa5852f138927
-
SHA256
890ef0a1b7d1562793af39dd63bee30e5205c1ad42779cb55e6ed66ef9e87101
-
SHA512
fdf2a52449b66ee69dfdfda8c3d36dbc08318f0c093423f17361c4a0b264d231eb2be28371024d17c8ce81f2e59d94cc65a4f78bb5c3a65dd573bb15e16762b0
-
SSDEEP
12288:rdbF0vRP+370p4pEU2bIgJcGmQqMeh76Z85nuDTLTkwcmZgwc:rdBwP+IoDcFJXZehvuD7bZgx
Malware Config
Targets
-
-
Target
da093f7b426f3ee3a4f95d43b15f5eb1_JaffaCakes118
-
Size
663KB
-
MD5
da093f7b426f3ee3a4f95d43b15f5eb1
-
SHA1
4e4544f2af4f2001b9d1f394e11aa5852f138927
-
SHA256
890ef0a1b7d1562793af39dd63bee30e5205c1ad42779cb55e6ed66ef9e87101
-
SHA512
fdf2a52449b66ee69dfdfda8c3d36dbc08318f0c093423f17361c4a0b264d231eb2be28371024d17c8ce81f2e59d94cc65a4f78bb5c3a65dd573bb15e16762b0
-
SSDEEP
12288:rdbF0vRP+370p4pEU2bIgJcGmQqMeh76Z85nuDTLTkwcmZgwc:rdBwP+IoDcFJXZehvuD7bZgx
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-