General
-
Target
e0fb4b7b2c571360fccea0d2032f38f3_JaffaCakes118
-
Size
450KB
-
Sample
241211-l83j9sspaq
-
MD5
e0fb4b7b2c571360fccea0d2032f38f3
-
SHA1
3f6c55bcbd3614d77b2d6278d91dfc6a2646d090
-
SHA256
e676ac2792c569934db51f5d78d8abdfed2482af2685ec03247a96ffe29e7d53
-
SHA512
6d52202a03676feff9c0270b3c226c4f50d923973691e95254f03436272780165a0528bbe010de14225acd8fbc4fe85c70b62926a9eb1affbc557a7439b45dd1
-
SSDEEP
6144:wcIwEvC7J8Cv+dA6v31O8lBukf6tf7k9RvtPQPdCqZXl0GCHfGKsnpPpeg5Nxxiz:wFmdKhfkmQkf6tf7klcCWwHu/Ag5w2O
Malware Config
Targets
-
-
Target
e0fb4b7b2c571360fccea0d2032f38f3_JaffaCakes118
-
Size
450KB
-
MD5
e0fb4b7b2c571360fccea0d2032f38f3
-
SHA1
3f6c55bcbd3614d77b2d6278d91dfc6a2646d090
-
SHA256
e676ac2792c569934db51f5d78d8abdfed2482af2685ec03247a96ffe29e7d53
-
SHA512
6d52202a03676feff9c0270b3c226c4f50d923973691e95254f03436272780165a0528bbe010de14225acd8fbc4fe85c70b62926a9eb1affbc557a7439b45dd1
-
SSDEEP
6144:wcIwEvC7J8Cv+dA6v31O8lBukf6tf7k9RvtPQPdCqZXl0GCHfGKsnpPpeg5Nxxiz:wFmdKhfkmQkf6tf7klcCWwHu/Ag5w2O
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-