General
-
Target
777e35b3a1abed8ca65687388a6122c7_JaffaCakes118
-
Size
36KB
-
Sample
240527-b3fs7scf74
-
MD5
777e35b3a1abed8ca65687388a6122c7
-
SHA1
417c0cab872909445df19bc225c8fe81948b40bf
-
SHA256
560e8807daa158a59f281e851bef7f012c7e2ce9750e80029e037dee4eee22a7
-
SHA512
5a9de6617c960abc4c6ae524c9436d3083e7c626ddb2efc31cb1964f8f8e33a47a5bb22367c8da20103a475a5a21aa58cef4a0dc3372b04dc95aa295cbbea76e
-
SSDEEP
768:hycqOQ0bwMK2M3fQde8Pfymg0M9EQfRo0yUP8:YcqOQbB3fQc8Pfymg0yxpByr
Behavioral task
behavioral1
Sample
777e35b3a1abed8ca65687388a6122c7_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
777e35b3a1abed8ca65687388a6122c7_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
777e35b3a1abed8ca65687388a6122c7_JaffaCakes118
-
Size
36KB
-
MD5
777e35b3a1abed8ca65687388a6122c7
-
SHA1
417c0cab872909445df19bc225c8fe81948b40bf
-
SHA256
560e8807daa158a59f281e851bef7f012c7e2ce9750e80029e037dee4eee22a7
-
SHA512
5a9de6617c960abc4c6ae524c9436d3083e7c626ddb2efc31cb1964f8f8e33a47a5bb22367c8da20103a475a5a21aa58cef4a0dc3372b04dc95aa295cbbea76e
-
SSDEEP
768:hycqOQ0bwMK2M3fQde8Pfymg0M9EQfRo0yUP8:YcqOQbB3fQc8Pfymg0yxpByr
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-