General
- Target: dc5a3368e7cf5ef9d6f40138a7006712_JaffaCakes118
- Size: 296KB
- Sample: 240912-qq1p6swhka
- MD5: dc5a3368e7cf5ef9d6f40138a7006712
- SHA1: 70752d17289cbb300ed13518f287607bd8674dcf
- SHA256: 1003ede10019657bba0683ec75b46235472fb9a81defbfa055200a4a2058faec
- SHA512: 902e5ab854d9d21d0c83de8c6760c36c1cc21d940558c04032d263cac5faa104009ae646129c11b09698d26d4ef3826f8a0a161f47bbe0a3bb4d151f2fee4154
- SSDEEP: 6144:elCIRpVfT/hS52FLOdBrUG+XUeogaWgNIM7/C8GCDPI1Rlhkh+3Y5k:elCIRnbUm4VUG+Eeg76KC841Fkc3Ye
Static task: static1
Behavioral task: behavioral1
- Sample: dc5a3368e7cf5ef9d6f40138a7006712_JaffaCakes118.exe
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: dc5a3368e7cf5ef9d6f40138a7006712_JaffaCakes118.exe
- Resource: win10v2004-20240802-en
Malware Config
Targets
- Target: dc5a3368e7cf5ef9d6f40138a7006712_JaffaCakes118 (size and hashes as listed under General)
- Score: 10/10
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
- Suspicious use of SetThreadContext