General
- Target: d5b3ba447ed77b4d99cde60fb73160e2_JaffaCakes118
- Size: 982KB
- Sample: 241208-hagy5awldz
- MD5: d5b3ba447ed77b4d99cde60fb73160e2
- SHA1: a83a976db4cc6c42c846d450598bec275093bf2b
- SHA256: f5b3dc1f5f534bf1054df001584ac1c1b164262ee69fcf1349bfb5414b02453c
- SHA512: 2f7d12df4e82b80fe0599af8e3ddbd69029a6d128136fab5c107a7bd434d3c9fe1ecf1df525cc51f23bd6fd2c6ea7022ab9b578b31e7d6a2370ec45c3ad4daa9
- SSDEEP: 768:bpoUE7J/dXlh0bjHt0u5KwdYumLGldKOwkusx8I:blo/7q/H6a/YuRl3x8I

Static task: static1

Behavioral task: behavioral1
- Sample: d5b3ba447ed77b4d99cde60fb73160e2_JaffaCakes118.exe
- Resource: win7-20241023-en

Behavioral task: behavioral2
- Sample: d5b3ba447ed77b4d99cde60fb73160e2_JaffaCakes118.exe
- Resource: win10v2004-20241007-en

Malware Config

Targets
- Target: d5b3ba447ed77b4d99cde60fb73160e2_JaffaCakes118
- Size: 982KB
- MD5: d5b3ba447ed77b4d99cde60fb73160e2
- SHA1: a83a976db4cc6c42c846d450598bec275093bf2b
- SHA256: f5b3dc1f5f534bf1054df001584ac1c1b164262ee69fcf1349bfb5414b02453c
- SHA512: 2f7d12df4e82b80fe0599af8e3ddbd69029a6d128136fab5c107a7bd434d3c9fe1ecf1df525cc51f23bd6fd2c6ea7022ab9b578b31e7d6a2370ec45c3ad4daa9
- SSDEEP: 768:bpoUE7J/dXlh0bjHt0u5KwdYumLGldKOwkusx8I:blo/7q/H6a/YuRl3x8I
- Score: 10/10

Signatures
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Modiloader family
- ModiLoader Second Stage
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Adds Run key to start application
- Suspicious use of SetThreadContext