General
Target: 433dd4dce13e86688a3af13686c84d1c_JaffaCakes118
Size: 931KB
Sample: 240514-1xnpasad6y
MD5: 433dd4dce13e86688a3af13686c84d1c
SHA1: 69ceb568484e6436b50b067f041f383acab22870
SHA256: bc64ad45f156496dab5f38b4d6810dd3276ccb43a639e979fa2a71f370f78aad
SHA512: 45f933fd991bfedaab8b1fd19d41e22432f328abb5606aa04dc9cff43bf088fc1a674c156be95bd0aa452334b96e6ab6cd1105431abd27e6d03bbaa42aef47d7
SSDEEP: 24576:LQgPByJzhAfD7MjzlR7W/BdT5r4fPn9OvRSWz4r:LQgZ0z0MjHC/Bdu39OvAWz+
Static task
static1
Behavioral tasks
behavioral1: 433dd4dce13e86688a3af13686c84d1c_JaffaCakes118.exe on win7-20240508-en
behavioral2: 433dd4dce13e86688a3af13686c84d1c_JaffaCakes118.exe on win10v2004-20240508-en
Malware Config
Targets
Target: 433dd4dce13e86688a3af13686c84d1c_JaffaCakes118
Size: 931KB
MD5: 433dd4dce13e86688a3af13686c84d1c
SHA1: 69ceb568484e6436b50b067f041f383acab22870
SHA256: bc64ad45f156496dab5f38b4d6810dd3276ccb43a639e979fa2a71f370f78aad
SHA512: 45f933fd991bfedaab8b1fd19d41e22432f328abb5606aa04dc9cff43bf088fc1a674c156be95bd0aa452334b96e6ab6cd1105431abd27e6d03bbaa42aef47d7
SSDEEP: 24576:LQgPByJzhAfD7MjzlR7W/BdT5r4fPn9OvRSWz4r:LQgZ0z0MjHC/Bdu39OvAWz+
Score: 10/10
ModiLoader, DBatLoader
ModiLoader (also tracked as DBatLoader) is a loader written in Delphi that abuses legitimate cloud file-hosting services to download and stage payloads belonging to other malware families.
- ModiLoader First Stage
- Manipulates Digital Signatures: attackers can alter the Authenticode and Cryptography registry keys (the SIP and trust-provider registrations that WinVerifyTrust consults; MITRE ATT&CK T1553.003) so that their own binary is treated as validly signed.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext (commonly used to redirect a suspended thread into injected code, as in process hollowing)
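The report flags three host-side behaviours an analyst would want to confirm on an infected machine: tampering with the signature-validation registry keys, a Run-key entry, and a file dropped into a Startup folder. The following PowerShell triage script is an added example and is not part of the sandbox report or of any tool the report describes. It audits the PE-image SIP registrations and the Authenticode FinalPolicy trust-provider key that signature-manipulation techniques overwrite (MITRE ATT&CK T1553.003), lists Run-key and Startup-folder autostart entries, and optionally checks a local copy of the sample against the SHA256 from the report. The local sample path is an assumption; the registry paths and GUIDs are the standard Windows ones. Run it from an elevated prompt.

```powershell
# Added triage example (not from the original report). Audits the registry hooks that
# WinVerifyTrust uses to validate PE signatures, lists autostart persistence, and
# checks a local sample against the report's SHA256.

$PeSipGuid  = '{C689AAB8-8E78-11D0-8C47-00C04FC295EE}'   # PE image SIP (Subject Interface Package)
$AuthPolicy = '{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}'   # WINTRUST_ACTION_GENERIC_VERIFY_V2
$OidBase    = 'HKLM:\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0'
$TrustBase  = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Providers\Trust'

function Test-TrustedModule {
    # $true when the DLL a registration points at resolves to an existing file that
    # carries a valid Microsoft Authenticode signature. A hijacked registration
    # typically points at an attacker-controlled, unsigned or self-signed DLL.
    param([string]$Path)
    if (-not $Path) { return $false }
    $full = [Environment]::ExpandEnvironmentVariables($Path)
    if (-not [IO.Path]::IsPathRooted($full)) { $full = Join-Path $env:SystemRoot "System32\$full" }
    if (-not (Test-Path -LiteralPath $full)) { return $false }
    $sig = Get-AuthenticodeSignature -FilePath $full
    return ($sig.Status -eq 'Valid' -and $sig.SignerCertificate.Subject -like '*Microsoft*')
}

function Get-SipRegistration {
    # Each key names the DLL/function WinVerifyTrust calls while validating a PE
    # signature; replacing Dll/FuncName makes any file look validly signed.
    foreach ($hook in 'CryptSIPDllVerifyIndirectData', 'CryptSIPDllGetSignedDataMsg') {
        $key = Join-Path $OidBase "$hook\$PeSipGuid"
        $v = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Hook     = $hook
            Dll      = $v.Dll
            FuncName = $v.FuncName
            Trusted  = Test-TrustedModule $v.Dll
        }
    }
    # The FinalPolicy provider decides the overall verdict for Authenticode checks.
    $key = Join-Path $TrustBase "FinalPolicy\$AuthPolicy"
    $v = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Hook     = 'FinalPolicy'
        Dll      = $v.'$DLL'
        FuncName = $v.'$Function'
        Trusted  = Test-TrustedModule $v.'$DLL'
    }
}

function Get-AutostartEntry {
    # The two persistence locations the report lists: Run keys and Startup folders.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    $providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($k in $runKeys) {
        $props = Get-ItemProperty -LiteralPath $k -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($providerProps -contains $p.Name) { continue }
            [pscustomobject]@{ Source = $k; Name = $p.Name; Command = $p.Value }
        }
    }
    foreach ($dir in @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))) {
        Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
            [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName }
        }
    }
}

Write-Host '== Trust provider / SIP registrations (Trusted should be True for all) =='
Get-SipRegistration | Format-Table -AutoSize

Write-Host '== Autostart entries (Run keys and Startup folders) =='
Get-AutostartEntry | Format-Table -AutoSize

# Optional: confirm a local copy of the sample matches the report's SHA256 and show
# what the (possibly tampered) trust chain currently says about its signature.
$expected = 'bc64ad45f156496dab5f38b4d6810dd3276ccb43a639e979fa2a71f370f78aad'
$sample   = '.\433dd4dce13e86688a3af13686c84d1c_JaffaCakes118.exe'   # assumed local path
if (Test-Path -LiteralPath $sample) {
    $hash = (Get-FileHash -Algorithm SHA256 -LiteralPath $sample).Hash.ToLower()
    Write-Host "SHA256 matches report: $($hash -eq $expected)"
    Get-AuthenticodeSignature -FilePath $sample | Format-List Status, StatusMessage
}
```

A registration whose Trusted column is False, or whose Dll points outside System32, is the practical indicator of the "Manipulates Digital Signatures" behaviour; note that once these keys are hijacked, Get-AuthenticodeSignature itself goes through the same tampered chain, so the sample's signature status should be re-checked from a clean host.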