General
-
Target
19d58529bd859c53f9520a9e2ed3a524_JaffaCakes118
-
Size
380KB
-
Sample
240628-mt2j4avfrc
-
MD5
19d58529bd859c53f9520a9e2ed3a524
-
SHA1
542ded1a740d41bc9df36df64703767008d87ab2
-
SHA256
e89a02b1742f58e50369e103f19f030dc1d31aff33f97dda2f35ef1a938cb7d5
-
SHA512
bbfa761b443f1243b21f479af77604d9809448636eccc83dc7f273f934ebe7b0d27164c15fb5b9064eeb26084acf4112e84056e14bfc3270578005db5afe3849
-
SSDEEP
6144:S5emnohbdsdVnyAICBQP7C/aq1HgdxFFzFv9P9TqucPkzd2+9YwA2pIlt0uy0P:HmnQ2znHIC6P7C/pCd9BlPoF6vhYK8P
Malware Config
Targets
-
-
Target
19d58529bd859c53f9520a9e2ed3a524_JaffaCakes118
-
Size
380KB
-
MD5
19d58529bd859c53f9520a9e2ed3a524
-
SHA1
542ded1a740d41bc9df36df64703767008d87ab2
-
SHA256
e89a02b1742f58e50369e103f19f030dc1d31aff33f97dda2f35ef1a938cb7d5
-
SHA512
bbfa761b443f1243b21f479af77604d9809448636eccc83dc7f273f934ebe7b0d27164c15fb5b9064eeb26084acf4112e84056e14bfc3270578005db5afe3849
-
SSDEEP
6144:S5emnohbdsdVnyAICBQP7C/aq1HgdxFFzFv9P9TqucPkzd2+9YwA2pIlt0uy0P:HmnQ2znHIC6P7C/pCd9BlPoF6vhYK8P
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Deletes itself
-
Executes dropped EXE
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-