General
-
Target
e80c543aab145c327b76588109aa28d1_JaffaCakes118
-
Size
221KB
-
Sample
241212-ysr5tawkes
-
MD5
e80c543aab145c327b76588109aa28d1
-
SHA1
a35a5c8a80ab7fd7daf9df9cc653f6793cacbef9
-
SHA256
a33fc45d3d24272746694f8909362b9c74bc9df19c9ce7007376433f4c750957
-
SHA512
982aabe3302ce51752ec1903818d7097c5e056ae8ef64056f4e9f3ac1de8395d147616828baef8db98752eab348165c1fe1db24a12992ff5ff5b5b08c35e466d
-
SSDEEP
3072:GL0C1vc5IjJ0305245nqQMh9rfjWSEYGIBSKSwyY4fgIKFHPcoutK1vH1UFG0:iHqaqkEKGXrfqOqwyY+noSKXUL
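Checking a file on disk against the indicators above, as an added Python example (this is not part of the Triage report; the `sample.exe` path is a placeholder, and the `MZ` stand-in bytes are constructed so the script runs without the real sample):

```python
import hashlib
from pathlib import Path

# Indicators copied from the report above, lowercase hex.
REPORT_IOCS = {
    "md5": "e80c543aab145c327b76588109aa28d1",
    "sha1": "a35a5c8a80ab7fd7daf9df9cc653f6793cacbef9",
    "sha256": "a33fc45d3d24272746694f8909362b9c74bc9df19c9ce7007376433f4c750957",
    "sha512": (
        "982aabe3302ce51752ec1903818d7097c5e056ae8ef64056f4e9f3ac1de8395d"
        "147616828baef8db98752eab348165c1fe1db24a12992ff5ff5b5b08c35e466d"
    ),
}
ALGORITHMS = tuple(REPORT_IOCS)


def digest_stream(chunks) -> dict:
    """Compute all four digests in a single pass over an iterable of byte chunks."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def digest_bytes(data: bytes) -> dict:
    return digest_stream([data])


def digest_file(path, chunk_size: int = 1 << 20) -> dict:
    """Stream the file so large samples are never read into memory at once."""
    def chunks():
        with open(path, "rb") as f:
            while block := f.read(chunk_size):
                yield block
    return digest_stream(chunks())


def compare_to_report(hashes: dict, iocs: dict = REPORT_IOCS) -> dict:
    """Per-algorithm match, case-insensitive; a missing digest counts as no match."""
    return {alg: hashes.get(alg, "").lower() == value.lower() for alg, value in iocs.items()}


def is_report_sample(hashes: dict, iocs: dict = REPORT_IOCS) -> bool:
    """Verdict on SHA-256 only. MD5 and SHA-1 are collision-prone and are kept
    here for cross-referencing other feeds, not as the basis for a decision."""
    return compare_to_report(hashes, iocs)["sha256"]


def partial_match_warning(hashes: dict, iocs: dict = REPORT_IOCS) -> bool:
    """True when some but not all digests match: either a mis-copied IOC or a
    deliberate collision, and in both cases worth a closer look."""
    result = compare_to_report(hashes, iocs)
    return any(result.values()) and not all(result.values())


if __name__ == "__main__":
    import sys
    # Placeholder path; point this at the sample on disk.
    target = Path(sys.argv[1] if len(sys.argv) > 1 else "sample.exe")
    if target.exists():
        hashes = digest_file(target)
    else:
        # Constructed stand-in (a minimal MZ header) so the script runs offline.
        hashes = digest_bytes(b"MZ" + b"\x00" * 62)
    for alg, ok in compare_to_report(hashes).items():
        print(f"{alg:6} {hashes[alg]}  {'MATCH' if ok else 'no match'}")
    if partial_match_warning(hashes):
        print("warning: only some digests match; check the IOCs and the file")
    print("verdict:", "this sample" if is_report_sample(hashes) else "not this sample")
```

The SSDEEP value on the page is not recomputed here because fuzzy hashing needs the ssdeep library; it is useful for finding near-variants, whereas the exact digests above answer only whether this is the same file.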
Static task
static1
Behavioral task
behavioral1
Sample
e80c543aab145c327b76588109aa28d1_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Targets
-
Target
e80c543aab145c327b76588109aa28d1_JaffaCakes118
-
Blackmoon family
-
Detect Blackmoon payload
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-