General
-
Target
ea18698e458acba39dd2bd5d72ed5c38_JaffaCakes118
-
Size
293KB
-
Sample
240918-2hlf3axbjj
-
MD5
ea18698e458acba39dd2bd5d72ed5c38
-
SHA1
3ab55981acacbea82f24219f10e1ba790d996e9e
-
SHA256
54561548d54c2712eae3937f3cb3a71374bd29269a0050b4d4c7cebd417bfaa9
-
SHA512
5bdafbcae494963cd8869ba288cffed1d20200c7cfa125b3639923c24f44f9e21e4463ac771e583368761105f268a7c715faa9ba1e144b09f8c21ad1bca42164
-
SSDEEP
6144:jIUklpdvUi1WJbmuOYZaLgHw2lo9zpSiV1WOn7PEs4guLuYRp0d:jIUkf9xWJbFbZaLgQ2C9zpSfIbN4qM2d
Malware Config
Targets
-
-
Target
ea18698e458acba39dd2bd5d72ed5c38_JaffaCakes118
-
Size
293KB
-
MD5
ea18698e458acba39dd2bd5d72ed5c38
-
SHA1
3ab55981acacbea82f24219f10e1ba790d996e9e
-
SHA256
54561548d54c2712eae3937f3cb3a71374bd29269a0050b4d4c7cebd417bfaa9
-
SHA512
5bdafbcae494963cd8869ba288cffed1d20200c7cfa125b3639923c24f44f9e21e4463ac771e583368761105f268a7c715faa9ba1e144b09f8c21ad1bca42164
-
SSDEEP
6144:jIUklpdvUi1WJbmuOYZaLgHw2lo9zpSiV1WOn7PEs4guLuYRp0d:jIUkf9xWJbFbZaLgQ2C9zpSfIbN4qM2d
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-