General

Target: ee644efcb4c9373b6aa354e223a68a67_JaffaCakes118
Size: 806KB
Sample: 240920-zjjyhsxcrl
MD5: ee644efcb4c9373b6aa354e223a68a67
SHA1: 5e7afa7b6325b22a1793edc38dbd2a5cc348a244
SHA256: 92c29adfd984ebaf47387f99807886f780dcae2e92c7f10a984421f5edcaad09
SHA512: a3d5261edae4a80e2e16c7d52cf3653f3fdaa293eee96057c024065d26446b174d64cc42ed2a12ca5119a1a5ca340cf201fae01385afa059b6c97dc128442dde
SSDEEP: 12288:8GeW7lerECtu4aLgbqu6khVc0qI7oe3gP5WeLg+drrYva4pq3HiwQQ:8G9perrOUj6k7ZqC30NPYVq39

Static task: static1
Behavioral task: behavioral1
Sample: ee644efcb4c9373b6aa354e223a68a67_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config

Targets

Target: ee644efcb4c9373b6aa354e223a68a67_JaffaCakes118
Size: 806KB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above

Score: 10/10
Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

ModiLoader Second Stage

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext