General
-
Target
1c3923172f29f52ffd6e4004d56159c0_JaffaCakes118
-
Size
170KB
-
Sample
240701-x5v7kayfnr
-
MD5
1c3923172f29f52ffd6e4004d56159c0
-
SHA1
7332bbee0e817f7a854beb140626e602fbe16a9e
-
SHA256
2564e1e13954a5400a80f91e4526a10a1eecd801a7c4209b42f37018c6060828
-
SHA512
eead8e69f938aef4aba8a17b37900042deda7cef408335a49567702a5dadba6c0a7b25f7cd3e0724955264959130f3d26ac66cbe6fb4728471d5771c0d5f688c
-
SSDEEP
3072:K1l1SLihy/akXxCw1FFJJPXRdBWQ+OCcrXj86Aout2FQLpVa5EbBaLzZO:K/1/+1HNWWXw6AoShbBf
Malware Config
Targets
-
-
Target
1c3923172f29f52ffd6e4004d56159c0_JaffaCakes118
-
Size
170KB
-
MD5
1c3923172f29f52ffd6e4004d56159c0
-
SHA1
7332bbee0e817f7a854beb140626e602fbe16a9e
-
SHA256
2564e1e13954a5400a80f91e4526a10a1eecd801a7c4209b42f37018c6060828
-
SHA512
eead8e69f938aef4aba8a17b37900042deda7cef408335a49567702a5dadba6c0a7b25f7cd3e0724955264959130f3d26ac66cbe6fb4728471d5771c0d5f688c
-
SSDEEP
3072:K1l1SLihy/akXxCw1FFJJPXRdBWQ+OCcrXj86Aout2FQLpVa5EbBaLzZO:K/1/+1HNWWXw6AoShbBf
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
UAC bypass
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks whether UAC is enabled
-