General
-
Target
d79a454b799feb54bc373a71ba26d3b3_JaffaCakes118
-
Size
489KB
-
Sample
241208-r72jgawqct
-
MD5
d79a454b799feb54bc373a71ba26d3b3
-
SHA1
8d5529a1dbef36a67e32d7f80e4555688437c444
-
SHA256
22e8f0d0d1a379ff6c7e666966a6bb6347a6ce123fe7bc337547da5f2eaffb86
-
SHA512
5382f7c9c61d81ed48ec9cd0e746c9167e64a3fb6cfee93ad9acdbfa670b9ee08266d231b3447aaff6ef2aa5fab0f0562682f1d6a153df24ea3d8c40984ae65f
-
SSDEEP
6144:UsWXEYMd9DWvUwUm0EO89pYkboU2oVIZ87p7M0fNGVfT/E1V3RXfz0:U17GNw+m0EnzboUrM0UVbc1V3K
Malware Config
Targets
-
-
Target
d79a454b799feb54bc373a71ba26d3b3_JaffaCakes118
-
Size
489KB
-
MD5
d79a454b799feb54bc373a71ba26d3b3
-
SHA1
8d5529a1dbef36a67e32d7f80e4555688437c444
-
SHA256
22e8f0d0d1a379ff6c7e666966a6bb6347a6ce123fe7bc337547da5f2eaffb86
-
SHA512
5382f7c9c61d81ed48ec9cd0e746c9167e64a3fb6cfee93ad9acdbfa670b9ee08266d231b3447aaff6ef2aa5fab0f0562682f1d6a153df24ea3d8c40984ae65f
-
SSDEEP
6144:UsWXEYMd9DWvUwUm0EO89pYkboU2oVIZ87p7M0fNGVfT/E1V3RXfz0:U17GNw+m0EnzboUrM0UVbc1V3K
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-