General
-
Target
12d6a9c170aa19c05353134cdf4f40b7_JaffaCakes118
-
Size
360KB
-
Sample
240504-p7ptkahd76
-
MD5
12d6a9c170aa19c05353134cdf4f40b7
-
SHA1
f0cd3422b802960f44152da43d054c053efa7ce3
-
SHA256
4aecb4cf0be3a31703f8ee9a3f0e74e706f65d2debff6d8a28eaf92b67ae2eaa
-
SHA512
12e9bab3b04bac8b75f77b5d8a25548fb046202c9346916bec8f1ddc8c547e30ccca6af9790d94720fd13fdaa286e9b85065bb31a8d6842f55c13245fa121be3
-
SSDEEP
6144:fI7kmNy3NyW7btm58icJp8DbxCuoAgUPL26GCFp:fI7kmNy3NyUmMJp8Db8jAVPL26GCH
Static task
static1
Behavioral task
behavioral1
Sample
12d6a9c170aa19c05353134cdf4f40b7_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
12d6a9c170aa19c05353134cdf4f40b7_JaffaCakes118.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
-
-
Target
12d6a9c170aa19c05353134cdf4f40b7_JaffaCakes118
-
Size
360KB
-
MD5
12d6a9c170aa19c05353134cdf4f40b7
-
SHA1
f0cd3422b802960f44152da43d054c053efa7ce3
-
SHA256
4aecb4cf0be3a31703f8ee9a3f0e74e706f65d2debff6d8a28eaf92b67ae2eaa
-
SHA512
12e9bab3b04bac8b75f77b5d8a25548fb046202c9346916bec8f1ddc8c547e30ccca6af9790d94720fd13fdaa286e9b85065bb31a8d6842f55c13245fa121be3
-
SSDEEP
6144:fI7kmNy3NyW7btm58icJp8DbxCuoAgUPL26GCFp:fI7kmNy3NyUmMJp8Db8jAVPL26GCH
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-