General
-
Target
dbfda6049a06bec0ef71dd7b30c86195_JaffaCakes118
-
Size
3.1MB
-
Sample
240912-hb2pxswcme
-
MD5
dbfda6049a06bec0ef71dd7b30c86195
-
SHA1
adfeff67dff78a8a43b7acd2c9b25bacdaf52ff4
-
SHA256
5583f5b72d10c941517c7030021cf37af8eebd66c1a78d138b5278691ad0c0aa
-
SHA512
f9e8946274f8936d775e274cce90a09767e341cd8148322ebfefeaf16a9d59167a7c811f116d55e8961f12cbd5bd55440f4e843a51cdef350f8c308581631fcb
-
SSDEEP
98304:YHYhm421gmGAxUsTa4GdXj1qv9+fh53UUdO8r:ZRUpfk405kUd
Malware Config
Targets
-
-
Target
dbfda6049a06bec0ef71dd7b30c86195_JaffaCakes118
-
Size
3.1MB
-
MD5
dbfda6049a06bec0ef71dd7b30c86195
-
SHA1
adfeff67dff78a8a43b7acd2c9b25bacdaf52ff4
-
SHA256
5583f5b72d10c941517c7030021cf37af8eebd66c1a78d138b5278691ad0c0aa
-
SHA512
f9e8946274f8936d775e274cce90a09767e341cd8148322ebfefeaf16a9d59167a7c811f116d55e8961f12cbd5bd55440f4e843a51cdef350f8c308581631fcb
-
SSDEEP
98304:YHYhm421gmGAxUsTa4GdXj1qv9+fh53UUdO8r:ZRUpfk405kUd
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-