General
-
Target
JaffaCakes118_970b51b76c0ed85cd627646c0ee88614
-
Size
269KB
-
Sample
250329-yv3pbszsez
-
MD5
970b51b76c0ed85cd627646c0ee88614
-
SHA1
74f8ad4dbdd1eb0aae78466cbfbf0c1a91696b95
-
SHA256
95dc9f4cc93a9b100455bb0f23ac7c58665d92dcadfa5080898ee0465dc2570a
-
SHA512
062fef29daa9e2191fd2893beeed667bf41573e0691f80231b3b638b0d12333c316fdbc1a26d36db0dde3a1932654576a624894db36a3226effcaeab4bab83c0
-
SSDEEP
6144:4703ZkdvmAjGeJqSNHqseOuwLkzEN2PuWosnSPX0HZc3PHfbdT1JTI3x:npKmAjG4qShqseOuHEQn1y3ffbda
Malware Config
Targets
-
-
Target
JaffaCakes118_970b51b76c0ed85cd627646c0ee88614
-
Size
269KB
-
MD5
970b51b76c0ed85cd627646c0ee88614
-
SHA1
74f8ad4dbdd1eb0aae78466cbfbf0c1a91696b95
-
SHA256
95dc9f4cc93a9b100455bb0f23ac7c58665d92dcadfa5080898ee0465dc2570a
-
SHA512
062fef29daa9e2191fd2893beeed667bf41573e0691f80231b3b638b0d12333c316fdbc1a26d36db0dde3a1932654576a624894db36a3226effcaeab4bab83c0
-
SSDEEP
6144:4703ZkdvmAjGeJqSNHqseOuwLkzEN2PuWosnSPX0HZc3PHfbdT1JTI3x:npKmAjG4qShqseOuHEQn1y3ffbda
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-