General
-
Target
cf2bbbaa0c1af1aca33ad14a5719bed0_JaffaCakes118
-
Size
5.1MB
-
Sample
241206-1lmmvsvphp
-
MD5
cf2bbbaa0c1af1aca33ad14a5719bed0
-
SHA1
c173454068457bbc6f66e76f0401ff46520b06c0
-
SHA256
0a0331f9887d4d9f0bfe9c27f70f5c11c79385ca05c6a6075bd2c7bf4fb18910
-
SHA512
7819d0a1b77105f3cfc03f74af50fa700d369fab268bcf444546fd7e7be04044b1a7a551d3f330ea6bccc6233a0b0ff733a040d4f6a8ddf9c8c8b69e947e1bed
-
SSDEEP
98304:nQvUpQW/y5O2AWmvGgob+Dw15qhvyu0fKyK0zyf:nfj/+Obn50qX0f
Static task
static1
Behavioral task
behavioral1
Sample
cf2bbbaa0c1af1aca33ad14a5719bed0_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
cf2bbbaa0c1af1aca33ad14a5719bed0_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
Score 10/10
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-