General
-
Target
e88c474d6402ace54a4cc90c1237dcc5_JaffaCakes118
-
Size
774KB
-
Sample
240918-hl1klsybnl
-
MD5
e88c474d6402ace54a4cc90c1237dcc5
-
SHA1
352231c02b697ddbf9b7cb0cae4392a5b2120ff0
-
SHA256
261b9f9e821f6e7c801040017bcfe6e84f798465f54301eed9567e3b9af5cd13
-
SHA512
2bcf71100c53a78106fa66da0f9f99ee83b26e56d7ee7a10e15ddbdabdcb58424666e68317d5b6624c184637b9b4844dd08c9f16de27679ee05b421de9261fed
-
SSDEEP
12288:y8k37stBEScWoGdqDkg16l9xne173U9sPG7So1O55qTX1B:y8kL0BfTdqDktl3+A+01OvqTFB
Malware Config
Targets
-
-
Target
e88c474d6402ace54a4cc90c1237dcc5_JaffaCakes118
-
Size
774KB
-
MD5
e88c474d6402ace54a4cc90c1237dcc5
-
SHA1
352231c02b697ddbf9b7cb0cae4392a5b2120ff0
-
SHA256
261b9f9e821f6e7c801040017bcfe6e84f798465f54301eed9567e3b9af5cd13
-
SHA512
2bcf71100c53a78106fa66da0f9f99ee83b26e56d7ee7a10e15ddbdabdcb58424666e68317d5b6624c184637b9b4844dd08c9f16de27679ee05b421de9261fed
-
SSDEEP
12288:y8k37stBEScWoGdqDkg16l9xne173U9sPG7So1O55qTX1B:y8kL0BfTdqDktl3+A+01OvqTFB
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Deletes itself
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-