General
-
Target
1d86467f83dc977dc89064b836d2b5d2_JaffaCakes118
-
Size
360KB
-
Sample
240506-vpt88abc2t
-
MD5
1d86467f83dc977dc89064b836d2b5d2
-
SHA1
854a8a0cc3a5fd29b85aa3279ac4b2f3829d6016
-
SHA256
740146ce0427226e2b5e49b01b5a3b80176e9f5bd15cd61cf8291f2c59c1b43b
-
SHA512
ff5906a19eb39b16078ef92428b5d5b75ee3f9f5f949cb124f4cd4a8fec735634473a6415bfcda961dbc76446730f9dabab7bedcb7a5ab4c5a07f9016dafe50f
-
SSDEEP
6144:fI7kmNy3NyW7btm58icJp8DbxCuoAgUPL26GCFG:fI7kmNy3NyUmMJp8Db8jAVPL26GC8
Static task
static1
Behavioral task
behavioral1
Sample
1d86467f83dc977dc89064b836d2b5d2_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
1d86467f83dc977dc89064b836d2b5d2_JaffaCakes118.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
-
-
Target
1d86467f83dc977dc89064b836d2b5d2_JaffaCakes118
-
Size
360KB
-
MD5
1d86467f83dc977dc89064b836d2b5d2
-
SHA1
854a8a0cc3a5fd29b85aa3279ac4b2f3829d6016
-
SHA256
740146ce0427226e2b5e49b01b5a3b80176e9f5bd15cd61cf8291f2c59c1b43b
-
SHA512
ff5906a19eb39b16078ef92428b5d5b75ee3f9f5f949cb124f4cd4a8fec735634473a6415bfcda961dbc76446730f9dabab7bedcb7a5ab4c5a07f9016dafe50f
-
SSDEEP
6144:fI7kmNy3NyW7btm58icJp8DbxCuoAgUPL26GCFG:fI7kmNy3NyUmMJp8Db8jAVPL26GC8
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-