General
-
Target
f729ba8a25a62f89c7f1448b1881c18f_JaffaCakes118
-
Size
15.8MB
-
Sample
241216-ed6vwaspcz
-
MD5
f729ba8a25a62f89c7f1448b1881c18f
-
SHA1
6c56d38347741dd2a55c35c7cd0e6f172f706504
-
SHA256
b46d57440fa4c6089011d9460c67a196b6cc1bc484860fe7077fad4e9925f1eb
-
SHA512
a32b47e4aa667059067ebe91cd7e6a3b278f37509ae69f197c5674426069a5238b5f6ec713f2a762ba7b12cd6043a63912313babdfccaca67764228db93060f6
-
SSDEEP
196608:hlej3Y1BbicHKUrsfkV7UUW3hxsISyJUS+czu233HzHgd5Uk6/c7+9FD5//uG9wz:+sbb1HKUr4ksntS8zNjsUn/c8DxxwN
Malware Config
Targets
-
-
Target
AutoPath.dll
-
Size
585KB
-
MD5
c3c98a96ea0dc067a99e8849f68acf04
-
SHA1
39fecda52b89c54eef4d8ca6afd3eba6830ade82
-
SHA256
2587cea708905b2a03f4dc335a7bccfd30392e6930fc511c812ba817f1c72106
-
SHA512
85556c0b49ff2f53655f223288421222af80b11e8d222e5f7c7eec732d28a294d649444d7b8c037f8d2c40bcf4e5db72f77bf8a5592820d54b4f6c0283d81386
-
SSDEEP
12288:eMGd+1VrxqXIxMciB9FhY9ttHCPyZQijOT7Ah7q98aC8w:Ko1V8XIxMci1+9t4yZzjGWaC
Score5/10-
Drops file in System32 directory
-
-
-
Target
BOOKMARK.DLL
-
Size
54KB
-
MD5
8a8fb246f5bbb650c2ed039265ddd631
-
SHA1
12a3d2f91341c35eb1812cf015ef9b94191aae22
-
SHA256
7e5c87cc813f9cb61d89de1b11786e9f0b450266b6105b67e955b26f4b213922
-
SHA512
10bde3bc3892afb4ee51dd62278bd424ec5a93b765e1eeeba8ccf35af0eb62f8683174338adaae5888200948bf432d77c838ab2bfb1a72a0646617f025723e4a
-
SSDEEP
1536:dvO8VWe0p22xoOhqfFn7P98q8ok5eQ7G8G/:dnB0p22eOMh6eF
Score3/10 -
-
-
Target
Cmdline.dll
-
Size
62KB
-
MD5
022e81e0fae5e1d727b413b3a746a300
-
SHA1
b85eb210377a9335c795baa8462f6796129ddb4f
-
SHA256
daa35b374c9a86352c47ecdacb9429a95cbe0b5eee06b4023d52682d6e132227
-
SHA512
67bd938a464a0b5070912a3c5e127bfc450a9122303e0cda62b539a70500a7b620124c96fb1751db0635adb6d8b4988dc0eca44199ededfeebd43431e32a7796
-
SSDEEP
1536:GzjDey5yms6V2xodhMhT/8qZ028ak5fcT0GsGJW2:GHDeyJs6V22dSsfc1W2
Score3/10 -
-
-
Target
DBGHELP.DLL
-
Size
475KB
-
MD5
d5bd19d6dd351b6c43e78a4025015924
-
SHA1
56f7cb97e21ff8794304e6d5386fe62f5d43b8fd
-
SHA256
745686c7a1e4cacbd8dc0bf206c7315316dd62c1e4dbeb77e5e27fa446ceb219
-
SHA512
a90f50f2d0b33ffe1c1e2cf054e483564ecee9ecd913d703ba4777aff8db0488c59da9e1aa3fcb0c321dff2184275cd0ad2ca547560eb115406bc288e60028a2
-
SSDEEP
6144:5+hapPGIEStr4vZlmbBs4q8h8yMpqVvbf9AIjiMAtvIA4k85wtiEQrWHvmXl647:5+hapNOZ8FHiyMpqZfPj2vIp43vmXlV
Score3/10 -
-
-
Target
DeJunk.dll
-
Size
40KB
-
MD5
760d4c95c07857f20b9abc334096cb08
-
SHA1
38bb493e1df747a37b0ccc916b771ed32154b689
-
SHA256
5c1fde87527afc711efe35fdfc3e103029e36bb6b67a7e4e9f9da60a40a732b6
-
SHA512
bed31fd0d7b6f2b76979cccf00fddd69d1b545753227615710a99d44617add6af01439bf30105a4d37c535bf998f70aa631c62657e77bf540f51b51d6fb7f829
-
SSDEEP
384:mGRSJBGTcfSWLzmlQYZox6bcS6un8xyutft8yCyVExOh2/oUZo+P/xutUA:mL6cfvJ48PfadeUXoUzC
Score3/10 -
-
-
Target
EXPLORER.eXe
-
Size
587KB
-
MD5
966c07c343b7b31e0c5ec4c2f150266a
-
SHA1
e8c675aae68563f7d27f3e387b02a774a466f2ea
-
SHA256
7e1616a55641265d837fda5809868412b2354064166a61fbb0cf88d0c02dc700
-
SHA512
fc7d882c88c10c38788fcab54b015aaa1f1958b0efe998b67ef6a3a83a82f117ad26a84d2288dab204f5cc9bf0e7cd09cf1c3a275142244132bd7860bdc6df2a
-
SSDEEP
12288:mMp/90yriKytxHVH1GSHtCklfy5KzgEPp:p/bKt4Sxla5KzgE
Score3/10 -
-
-
Target
Importer.dll
-
Size
5KB
-
MD5
498668234e073e0a647271dfea3070ba
-
SHA1
f1e9504ec659a40872542089ebbb5385332456e7
-
SHA256
708d1820be72e24275d5c05fa0c1f2cbaae768f3212b29f8fbf1089555f305dc
-
SHA512
f5d474c40998d88652137ded2224c42e60a07dcf40327c651157df98f2606fedba2d406c9cbbf3951517620e128c2c582fdf341507b3a727fea509b9ac510d0b
-
SSDEEP
48:yVfNOBGkc+XyTfbe6+Ufu14G/PXP40App4OIEhWvhHkM/FoZTBO7h:/BGMXxU+4zp4pSWveM/FyTk7h
Score3/10 -
-
-
Target
Loaddll fix by heXer.exe
-
Size
5KB
-
MD5
ed874238b77301e9f5378494cb3d0625
-
SHA1
07b5a0eb290da0b7cd7bc847b5d865710030685d
-
SHA256
f39acd9e662234e833d567b999463fb9906ee8588cd189bdaf0c6a0e1fb8f43b
-
SHA512
6634c55cd500b32d7ed3dcf61a08269a6bc98d05e199a1a7a1ed9b1adff3baa6b3f2a24fb5919f7c7c5e11e41eee86dafdf824d17487169d3ae0aea0ae0cda60
-
SSDEEP
48:qjQv6oZc3zjSNQ9H/J6QJHBrRSNMPKh+3KCt9y0M7Q:dlZCzR6UIMPimt9y0M7
Score3/10 -
-
-
Target
ODBHELP.DLL
-
Size
475KB
-
MD5
d5bd19d6dd351b6c43e78a4025015924
-
SHA1
56f7cb97e21ff8794304e6d5386fe62f5d43b8fd
-
SHA256
745686c7a1e4cacbd8dc0bf206c7315316dd62c1e4dbeb77e5e27fa446ceb219
-
SHA512
a90f50f2d0b33ffe1c1e2cf054e483564ecee9ecd913d703ba4777aff8db0488c59da9e1aa3fcb0c321dff2184275cd0ad2ca547560eb115406bc288e60028a2
-
SSDEEP
6144:5+hapPGIEStr4vZlmbBs4q8h8yMpqVvbf9AIjiMAtvIA4k85wtiEQrWHvmXl647:5+hapNOZ8FHiyMpqZfPj2vIp43vmXlV
Score3/10 -
-
-
Target
OllyDbg Russian.EXE
-
Size
1.1MB
-
MD5
4b6e211f1beb12cbe7ff68f34a52e3fc
-
SHA1
e10a3e51c9716691196119a9e8e758f339e29754
-
SHA256
b961a16f471ad4982e4692381c68b312adec7be8105a2c828f021c41fe4292bf
-
SHA512
896dc251a91e569052ec3b03044d7cca27c346666ca0acc2ab3b5e8a82422a3846f692daea55f3a2b75e458d5d276d6dbb01e29de958c6d9e3755b0e8203de76
-
SSDEEP
24576:Gf5qC7nramh/9zglpZPmYQbx7WhdiY4GMs4ck2gOsp:qOiUmYk7Wt4FtOs
Score3/10 -
-
-
Target
OllyICE.exe
-
Size
1.2MB
-
MD5
3d16805ba7b0652afa46cf1718f61da3
-
SHA1
c50d279e5af629cf1fdd3f24de388216dca39d3f
-
SHA256
25662a5694b9e626ae4fb39fdf426402256e092a7d5f7f76c243f0601ba6c13f
-
SHA512
1ba8c20d80ecff03ff1fb21f6d661c6bfdebdd8a93a4b90c0453d56dce9fc7d4637e026c721a3b7624dc3bdfb1df20b2342774325a07921fa13b8863027294f0
-
SSDEEP
24576:Wf5qmJnraHZ8aLswpZPmYQbx7WhdiY4GVhtb8+gOsVijuNA9:cOK8mYk7WH21OsKue
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader First Stage
-
Drops file in Drivers directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
OllyIXE.exe
-
Size
1.2MB
-
MD5
6ee3935e71fffdc6a5e0dc864f027732
-
SHA1
3d9f62b5957a2ee75319bed684647c5ac0a1cbd2
-
SHA256
5d0c3643c2384c24176589cce3a6dc4bfc5ca74903adaaaad1806870da819fbc
-
SHA512
5294ed0822563d1f56ab4810372cffb51fe32efb112ff479da57b33664a964dfcdd7cf963a596b34aa80b50125b5089dc134df796c356cca9d813c2d56eecaf2
-
SSDEEP
24576:Wf5qaJnraHZ8aLswpZPPYQbx7WhdiY4GVhtb0+gOsVijuNA9:wOK8PYk7WHO1OsKue
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader First Stage
-
Drops file in Drivers directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
MiniSafe.exe
-
Size
68KB
-
MD5
c5010dadcd72431618c5f4650242ac08
-
SHA1
eeb5c03225e1cfd9e5b5785ce4981de5ae2c5ed6
-
SHA256
a690653eca875b8f8feefeca6cbedc57b24f933186f34ea5c31adad004026bd6
-
SHA512
dac138387f0d37586a84eca21e38267313f99255b0a8ce3da03cc061455d0b091455b79a66d8ac9f61b0a90cba63c0c3e221674285486b074f5e19ee6f0165e7
-
SSDEEP
1536:UL7b5G57U68vK6qloimiSHK1MfbvEQoll:ULxGWPK6q2lvmll
Score3/10 -
-
-
Target
Olly.Hard.Point.dll
-
Size
40KB
-
MD5
029570312d3f11cd568c37fac2090e06
-
SHA1
473e649ca60d03726bb93ca60e1690b9dd5d06d0
-
SHA256
af73f60e08e3fcbe30158d8c6324b801c9b34c35ca51cd22c6a94f061d7a887c
-
SHA512
b031727dfa2c4da3e6cd60eeed19c3b608c1bbb9b292a5fa1345e42354c3bbbb56389651bae966c91597510db9cbd2a78d9657cce2c6d92b3d01df4c33bad6b3
-
SSDEEP
384:mOCGUIrkRAtn2I55Pe+z9r0qscR8bh6aT6KcsQmM6Ar40tmcgkvRcl4kR:VCGXhefJzN6OcsbMVBFL6lj
Score3/10 -
-
-
Target
OllySafe.sys
-
Size
11KB
-
MD5
68ed004cc3eb9b0eea75932d65e0e0ce
-
SHA1
75acf29829efcd6acd6a04c03919880d789e1934
-
SHA256
273472646ab58f803782b6e3a40d52561a06da2c69ad80bc01a1d80bcb029555
-
SHA512
5d39e5d957e8691218557a3289e7039e616bfba3fb245e6a72f834604848176e553f13439ba072845623aecf8b45d1b795462dd0caaab25120d4b2e8a07762da
-
SSDEEP
192:IPYwjTd+fRjING4aJLk6bfFu5xaRAZUXlNItEN0i7rveCOKrc8IUrYZd5ZsWT:IPfjqjCIL1g5nZUXlN480iPeKrc8IUr0
Score1/10 -
-
-
Target
Ollydbg.exe
-
Size
1.1MB
-
MD5
bd3abb4ac01da6edb30006cc55953be8
-
SHA1
b08e0b5f1a3633bd6d0a6a71b54c13477cd3c991
-
SHA256
1a651ddcc2c9997524c4eee89e73b0f97b43478286cf2249926d728cce390eb2
-
SHA512
aa997f4b9ae4476e5ec4b6f5d3c6a08ed63cd7eb35f5e44f2dea89c008535e3f54a2b0f532d54d6863319bf56d95a7512040232274f2b9acaf9504e74b41bb31
-
SSDEEP
24576:Qf5qC7nramh/9zglpZPmYQbx7WhdiY4GBs4cktgOsh:8OiUmYk7W+4FKOs
Score3/10 -