General
-
Target
f117d1405dc44218e7c22f108a5d8b2e_JaffaCakes118
-
Size
341KB
-
Sample
240922-cs88faxfmd
-
MD5
f117d1405dc44218e7c22f108a5d8b2e
-
SHA1
337625f7878c3867366d969c652ce47b05470a49
-
SHA256
b7398f2e2567e70dc8649595f30b93697c9d2561c247b3f648193fbb31c22e93
-
SHA512
9003c8ff1d9d852b13959e805a8b487570ec3b1cee83412a5a4474586499cdd6cb54eb79232bf29a4bd1b7c0a930036ebf65be918299238f367c36d52d2999b9
-
SSDEEP
6144:zwROOloJ7dZGPGVNN6dEf0/wogNUHlyDUOp5uRxeytb:MR3loBFV2IS7gNT/MJt
Malware Config
Targets
-
-
Target
f117d1405dc44218e7c22f108a5d8b2e_JaffaCakes118
-
Size
341KB
-
MD5
f117d1405dc44218e7c22f108a5d8b2e
-
SHA1
337625f7878c3867366d969c652ce47b05470a49
-
SHA256
b7398f2e2567e70dc8649595f30b93697c9d2561c247b3f648193fbb31c22e93
-
SHA512
9003c8ff1d9d852b13959e805a8b487570ec3b1cee83412a5a4474586499cdd6cb54eb79232bf29a4bd1b7c0a930036ebf65be918299238f367c36d52d2999b9
-
SSDEEP
6144:zwROOloJ7dZGPGVNN6dEf0/wogNUHlyDUOp5uRxeytb:MR3loBFV2IS7gNT/MJt
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-