General
Target: fa3112cf8a0f2328370c6bd27638ccf1_JaffaCakes118
Size: 2.0MB
Sample: 241218-fmzctsvran
MD5: fa3112cf8a0f2328370c6bd27638ccf1
SHA1: 0cc7d2f51c199dbf2cfc65d2a51b3cc39d301149
SHA256: 675fcd4bf4418ee31b058f5d77e02c30675388e0ffa454bc6bb616f56b60d07d
SHA512: 0bb2799e63ec418be786d5b806612f6547a69bf58fa114c872b9d4e2e8fa6d86191fbcfd41c08fa7d969488da200b9d6fce331791f14b3b332c1bc835989e910
SSDEEP: 49152:9OVo4BJxMgJt+RBr/mjrZv/yvZozyHMxIcMWfam950VntgsWbYq:EV1BwgJtEh/mjtv/yvqOHM8AyntgsWkq
Static task: static1
Behavioral task: behavioral1
  Sample: Absolute Crypter.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: Absolute Crypter.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
Target: Absolute Crypter.exe
Size: 2.8MB
MD5: 822636568c7c5debfad3d621afb69f07
SHA1: 4206c6b0e95c7fbf9cf8aee21be8ab2ee54a55c4
SHA256: a80e7ebc3ff660d1b56054885938199ad3cacd418520075233c38a53819fcae7
SHA512: 1cdba9d0d66799ad2dce4a22915d6ed1852622ad1e695f405ac46a0fdcc51e71dc8e0097418e1b8601323be99741f9627bc5a291528fcbc0a20de70fed8f41e3
SSDEEP: 49152:eCEiLCSXTxOxTpsibTJRGhcn1omLnyA7BeWbvf1+LswzLa0vO:eCEiLLX9ibT3Lyq1jddwE
Score: 10/10
Signatures
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader family
- ModiLoader Second Stage
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext