General
-
Target
e365f643cb0ef6666351c0b791d63bb0_JaffaCakes118
-
Size
303KB
-
Sample
240915-1dyedstbrd
-
MD5
e365f643cb0ef6666351c0b791d63bb0
-
SHA1
9c6d363bd71f2bbdea5e5f54fadfd5b2fad6eb5d
-
SHA256
72dec13f3b56fc87616af8ddc876f3ba24c78633f8fd429528922f66e5b8a59d
-
SHA512
56e9fb13f0518730b1350b3cec6f31bd5a0b0833628e87bb1025659fcdc5e1c5c8b90af8edbc9bb21752f3b357e88a7bc8456f00abcbd1afe96f4364fbd53ab7
-
SSDEEP
6144:aSe2ihx5KEXUr6j9JQHOXEemcgkY3HU1dowtlo2yCUta0mcokLU:Jihwr82lemc/8HElgNRLU
Malware Config
Targets
-
-
Target
e365f643cb0ef6666351c0b791d63bb0_JaffaCakes118
-
Size
303KB
-
MD5
e365f643cb0ef6666351c0b791d63bb0
-
SHA1
9c6d363bd71f2bbdea5e5f54fadfd5b2fad6eb5d
-
SHA256
72dec13f3b56fc87616af8ddc876f3ba24c78633f8fd429528922f66e5b8a59d
-
SHA512
56e9fb13f0518730b1350b3cec6f31bd5a0b0833628e87bb1025659fcdc5e1c5c8b90af8edbc9bb21752f3b357e88a7bc8456f00abcbd1afe96f4364fbd53ab7
-
SSDEEP
6144:aSe2ihx5KEXUr6j9JQHOXEemcgkY3HU1dowtlo2yCUta0mcokLU:Jihwr82lemc/8HElgNRLU
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Suspicious use of SetThreadContext
-