General
-
Target
ffe3194bdc9786ac76fa254d65189a90_JaffaCakes118
-
Size
653KB
-
Sample
240930-d8r5jawdrq
-
MD5
ffe3194bdc9786ac76fa254d65189a90
-
SHA1
ecd4287e5337196d456fadff2c1c2571d5037574
-
SHA256
3ff2f2423c010fcc91f629417f45dbfe61cbc40f4f993ec93af1e65ad691513c
-
SHA512
34c839cc07f8b75b756f702446c91e91f847e6deb4f01baf7e75b3ebf2d28e0c58dd0e374be3f6ce4838b7cc4f2836f3a113c45de0435649db4026555258aa71
-
SSDEEP
12288:DfpN+hvj4sDvARQZuwWVEn6ZKicqV3MexrokA7A8w2VCokuCdy2:DhNyvjdDlGynDa8e9okx8w2so/z2
Malware Config
Targets
-
-
Target
ffe3194bdc9786ac76fa254d65189a90_JaffaCakes118
-
Size
653KB
-
MD5
ffe3194bdc9786ac76fa254d65189a90
-
SHA1
ecd4287e5337196d456fadff2c1c2571d5037574
-
SHA256
3ff2f2423c010fcc91f629417f45dbfe61cbc40f4f993ec93af1e65ad691513c
-
SHA512
34c839cc07f8b75b756f702446c91e91f847e6deb4f01baf7e75b3ebf2d28e0c58dd0e374be3f6ce4838b7cc4f2836f3a113c45de0435649db4026555258aa71
-
SSDEEP
12288:DfpN+hvj4sDvARQZuwWVEn6ZKicqV3MexrokA7A8w2VCokuCdy2:DhNyvjdDlGynDa8e9okx8w2so/z2
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-