General
Target: f883a8fb55026cb43807545106b3d8a9_JaffaCakes118
Size: 754KB
Sample: 241216-l6wnyawrhj
MD5: f883a8fb55026cb43807545106b3d8a9
SHA1: f753f962fbc53a38a074906aacb03a639d6e6d27
SHA256: bd604f462bad2541a2f91249fdcbfe7db28e78c0b0736d7476aa0a6d120377bb
SHA512: 6f35362aa42818436217de4cffd3da56dab08b4f5223bd5512a20b8c9253b28fb2bf44fedcbf4647c6f544ab765dc86b79d6e6fcba461b7fe9212cbfc31fc61f
SSDEEP: 12288:BK2mhAMJ/cPlJ6ZcIX8V7XT9X66gdCk0etR34iV6HQhlB3ItwNAS6wsgfq3:w2O/GlJ67sV7hq6gdCk0e//lB3Jj6TgK
Static task: static1
Behavioral task: behavioral1
  Sample: f883a8fb55026cb43807545106b3d8a9_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: f883a8fb55026cb43807545106b3d8a9_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
Score: 10/10
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Modiloader family
- ModiLoader First Stage
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory