General
-
Target
ef9977125c01e851aa922d8f37a9419e_JaffaCakes118
-
Size
77KB
-
Sample
241214-tmf35syqcq
-
MD5
ef9977125c01e851aa922d8f37a9419e
-
SHA1
d24604c916560d70b1cf846fdad325fcc8c56fec
-
SHA256
bb08c64f51410e403aebbe3a30b5d1a19cc213999383bc0402ba825d2d741b59
-
SHA512
feb4c96e0d837167e0e402c1f651c06928c569a9531100c1a5b786ccd51f737338f2fd3ea6dab86664d917a3f93917241070fc92fdb3bd3c6c58258f50d356ee
-
SSDEEP
1536:k0Ay0rphrqPivg8OQGlJEnVMi+a7/cRgEJuNz9+h3xrvctKx:kKIphmKvgblinVMmKHw9S5ctKx
Malware Config
Targets
-
-
Target
ef9977125c01e851aa922d8f37a9419e_JaffaCakes118
-
Size
77KB
-
MD5
ef9977125c01e851aa922d8f37a9419e
-
SHA1
d24604c916560d70b1cf846fdad325fcc8c56fec
-
SHA256
bb08c64f51410e403aebbe3a30b5d1a19cc213999383bc0402ba825d2d741b59
-
SHA512
feb4c96e0d837167e0e402c1f651c06928c569a9531100c1a5b786ccd51f737338f2fd3ea6dab86664d917a3f93917241070fc92fdb3bd3c6c58258f50d356ee
-
SSDEEP
1536:k0Ay0rphrqPivg8OQGlJEnVMi+a7/cRgEJuNz9+h3xrvctKx:kKIphmKvgblinVMmKHw9S5ctKx
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-