General

Target: 97ec59d3add4035a0417403563af7b3e_JaffaCakes118
Size: 927KB
Sample: 240605-mxtnnaec98
MD5: 97ec59d3add4035a0417403563af7b3e
SHA1: f237d7d988b73cd0dfeadae544c5d01f8747124b
SHA256: 115c959e43bf478551d3612f247731d1ef4dc66f305f8466d33c4e7968852ae1
SHA512: cb7c7f5e608698abe16a5959fede42b6a15a126d0f078961ad8e0e5e28dc32cf6f132a62e1c8052c7beecb51ab7605e90ef8137cbb3a0a4ff49679e8e01edb55
SSDEEP: 24576:zUCXnX9Ho09perrOUj6k7ZqC30s9CiX/z1s:z5Owk7ZxC
Static task: static1
Behavioral task: behavioral1
Sample: 97ec59d3add4035a0417403563af7b3e_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config

Targets

Target: 97ec59d3add4035a0417403563af7b3e_JaffaCakes118 (927KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Score: 10/10

- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
- ModiLoader Second Stage
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext