General

Target: 7e8d5f27dc9214ef44f816f520b24808_JaffaCakes118
Size: 2.2MB
Sample: 241030-ktfxaaymfs
MD5: 7e8d5f27dc9214ef44f816f520b24808
SHA1: 4b05dce2dd6a33bf960ea04c7b0d09896c890e17
SHA256: 61e5394fd73025f83f23483a4f16eae08555dc4571c6ed4a3e720ff0f4f3b459
SHA512: 6ce5bbf6fc448bb18272c125820662e6522ac99e0276a871e1ddc923d7f3181e7ed744946742426c5e9fcc8cfead87d4f31c420a3d168504dbb4a15be484bac4
SSDEEP: 49152:9CYES6nS6zjsNJLLICD8VXvEARpN+PyahfEfNmP5ggvvItHuvlWm0+:QYES6zjsjICD8ZvEALN+XGfOgGKH4YmH
Behavioral tasks

behavioral1
  Sample: hongjing2012/2012/红警全能王v2010.exe
  Resource: win7-20241023-en

behavioral2
  Sample: hongjing2012/2012/红警全能王v2010.exe
  Resource: win10v2004-20241007-en

behavioral3
  Sample: hongjing2012/QQPCDownload62006.exe
  Resource: win7-20241010-en

behavioral4
  Sample: hongjing2012/QQPCDownload62006.exe
  Resource: win10v2004-20241007-en

behavioral5
  Sample: hongjing2012/运行程序.bat
  Resource: win7-20240903-en

behavioral6
  Sample: hongjing2012/运行程序.bat
  Resource: win10v2004-20241007-en
Malware Config

Targets

Target: hongjing2012/2012/红警全能王v2010.exe
Size: 1.0MB
MD5: 7ff0bf0155a77e93f86216aefceab475
SHA1: ab65d99772cb00ca6d686120ce5e5d206ddc3975
SHA256: 2c6bd4d46cc9505b7d502da962ee34aa62fcad728e800fd50e8d8ad8505dcca5
SHA512: 92849fe1a18634f74c541b114533266fe7c328bbb33a3e31360b91d2b343dd9b3b49640eb787fa3c80deee992c726d166bd6caec8414bd8a8d563ec3e428a0e4
SSDEEP: 24576:soahC2h99zfs3wl76HyFf6Mhng8dNAomDAHnrf6XRbJDRM4:svsm99zfs3wl7ca6Mh3mkEbJy
Score: 10/10

Detections:
  ModiLoader, DBatLoader
    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  Modiloader family
  ModiLoader Second Stage
Target: hongjing2012/QQPCDownload62006.exe
Size: 1.7MB
MD5: 794c3eb4fef63952c7aa5533d37e1733
SHA1: cc19a693ebd0374bf3e003b90c8e61167fa455fc
SHA256: 21052c71170b56361d13bca875eacb563a485c33a0d4c1a2e48ef0cfc45b6a50
SHA512: c2be3723d9a2951e6a325ca155eb3eb5ce0df2b231b18a6948e54eae15950ba2c7b029458a9c87fff673e969eed5aa88ac8d7c873954edfeaf511c024a55a26c
SSDEEP: 49152:UCP9GmXFeYTNFAbl8Qy1W22asOLA7yHIHCkGG:4eeLlgs2fnLA7yHKCkl
Score: 7/10

Detections:
  ACProtect 1.3x - 1.4x DLL software
    Detects a file packed with ACProtect software.
  Loads dropped DLL
  Writes to the Master Boot Record (MBR)
    Bootkits write to the MBR to gain persistence at a level below the operating system.
Target: hongjing2012/运行程序.bat
Size: 205B
MD5: dc8cb926f3682dfc6774bfb8b71dc621
SHA1: cfa08810cc2433c973a905f59ea6d4849efbc8f0
SHA256: cd1d2394d060c12332e011ac6f250e859fc36936c17168f828a7538925eab240
SHA512: d60031d722e1ad820d040352c4bf376aff060bf13623c91f1a2ec195b74ed1d3a1a867ddf75b4ba28763240e380215cc5245e992821bd2add01400c6b09b4142
Score: 7/10

Detections:
  ACProtect 1.3x - 1.4x DLL software
    Detects a file packed with ACProtect software.
  Loads dropped DLL
  Writes to the Master Boot Record (MBR)
    Bootkits write to the MBR to gain persistence at a level below the operating system.