General
Target: 9f226acd7de1dd335a3bd748f8aa6f9b_JaffaCakes118
Size: 360KB
Sample: 240611-w2nsmswfpc
MD5: 9f226acd7de1dd335a3bd748f8aa6f9b
SHA1: 105ceba7647c3b4edebd5dc244010675ae64ba00
SHA256: 509b0cf248e1a1a1443287eb5d5a328c564c5a37af10e156a63a6b607e5ee5bd
SHA512: 0a62c9228e9dc9ca2aad4166c4ac686d4b32b41fcda1e06b8c5d6aabf394580a2c8e532cc7d84872dd0b74afad3422fc981880bea91392324e6c11e5932b9781
SSDEEP: 6144:fI7kmNy3NyW7btm58icJp8DbxCuoAgUPL26GCFT:fI7kmNy3NyUmMJp8Db8jAVPL26GCx
Static task: static1
Behavioral task: behavioral1
Sample: 9f226acd7de1dd335a3bd748f8aa6f9b_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 9f226acd7de1dd335a3bd748f8aa6f9b_JaffaCakes118.exe
Resource: win10v2004-20240426-en
Malware Config
Targets
Target: 9f226acd7de1dd335a3bd748f8aa6f9b_JaffaCakes118
Score: 10/10

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

ModiLoader Second Stage

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Suspicious use of SetThreadContext