General
-
Target
e40f82c1c2ec5033089c17201d5ba0d2_JaffaCakes118
-
Size
40KB
-
Sample
240916-fhxy7szdjg
-
MD5
e40f82c1c2ec5033089c17201d5ba0d2
-
SHA1
b5fb3860082b1fba2111e74e6ed65846292a55ad
-
SHA256
0e0235533b6b1e32af5cf334ffda365fd674c18fe1f7da618ca361bdcefaa2a7
-
SHA512
2efdce85345fe5be581606f886d779c501c624b8496fbfb763ed5add817f8eb9e86cc842484d88f5945f5b4579f746f5fedd33cd0c5467989258e01c449afc99
-
SSDEEP
768:hs8d22LdX9wTB0DTzLIlLWx2GQrddXq80:h7XLdievgiQpdA
Malware Config
Targets
-
-
Target
e40f82c1c2ec5033089c17201d5ba0d2_JaffaCakes118
-
Size
40KB
-
MD5
e40f82c1c2ec5033089c17201d5ba0d2
-
SHA1
b5fb3860082b1fba2111e74e6ed65846292a55ad
-
SHA256
0e0235533b6b1e32af5cf334ffda365fd674c18fe1f7da618ca361bdcefaa2a7
-
SHA512
2efdce85345fe5be581606f886d779c501c624b8496fbfb763ed5add817f8eb9e86cc842484d88f5945f5b4579f746f5fedd33cd0c5467989258e01c449afc99
-
SSDEEP
768:hs8d22LdX9wTB0DTzLIlLWx2GQrddXq80:h7XLdievgiQpdA
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-