General

Target: a4b54c681b7a38cb6ca56bc056104548_JaffaCakes118
Size: 806KB
Sample: 240613-krldzsvhrq
MD5: a4b54c681b7a38cb6ca56bc056104548
SHA1: 917a38923487cada408813692ed8cae34b0d1a5e
SHA256: 0cac9a35f4ab3a1b0ff29e0871e1215b3420d48343fff24547e12a322d70d1df
SHA512: 99e678759312c9595bc1cc30f40aed6eb814b65fb80e8b9ba1d0fc39f0a5a57dca11982da5b13ed84641f4962f363318b6ac2879de892fbc41155db999155c86
SSDEEP: 12288:8GeW7lerECtu4aLgbqu6khVc0qI7oe3gP5WeLg+drrYva4pq3HiwQI:8G9perrOUj6k7ZqC30NPYVq3d

Static task: static1
Behavioral task: behavioral1
Sample: a4b54c681b7a38cb6ca56bc056104548_JaffaCakes118.exe
Resource: win10v2004-20240611-en
Malware Config
Targets
Score: 10/10
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that abuses public cloud file-hosting services to download other malicious families as its second-stage payload.
- Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
- ModiLoader Second Stage
- Checks computer location settings: reads the country code configured in the registry, likely a geofence check before the payload continues.
- Executes dropped EXE: launches an executable that the sample itself wrote to disk.
- Adds Run key to start application: sets a value under the CurrentVersion\Run registry key so the application is started again at logon.
- Suspicious use of SetThreadContext: an API call commonly used for thread hijacking and process hollowing after code has been written into another process.
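Several of the behavioural signatures above (executes dropped EXE, adds Run key, unexpected child process) can be reproduced from endpoint telemetry. The script below is an added example, not part of the sandbox report and not Triage's own signature logic: it runs three simple correlation rules over a handful of constructed Sysmon-style events (process create, file create, registry value set). The dropped-file path, the `stage2` Run value name and the process IDs are hypothetical; only the sample's file name comes from the report. The SetThreadContext indicator is an API-call observation and is not modelled here, since it does not appear in these event types.

```python
import ntpath

# Constructed Sysmon-style events (not from the sandbox run). Only the fields
# the rules need are included: EventID 1 = process create, 11 = file create,
# 13 = registry value set.
SAMPLE = r"C:\Users\victim\Downloads\a4b54c681b7a38cb6ca56bc056104548_JaffaCakes118.exe"
DROPPED = r"C:\Users\Public\Libraries\stage2.exe"   # hypothetical drop path

EVENTS = [
    {"EventID": 1, "ProcessId": 1000, "Image": SAMPLE,
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "ProcessId": 1000, "TargetFilename": DROPPED},
    {"EventID": 13, "ProcessId": 1000,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\stage2",
     "Details": DROPPED},
    {"EventID": 1, "ProcessId": 1100, "Image": DROPPED, "ParentImage": SAMPLE},
    # Benign control: svchost.exe started by services.exe is normal.
    {"EventID": 1, "ProcessId": 1200, "Image": r"C:\Windows\System32\svchost.exe",
     "ParentImage": r"C:\Windows\System32\services.exe"},
    # Hollowing-style pattern: a system binary started by the dropped payload.
    {"EventID": 1, "ProcessId": 1300, "Image": r"C:\Windows\SysWOW64\svchost.exe",
     "ParentImage": DROPPED},
]

RUN_KEY_MARKER = "\\currentversion\\run\\"
MACRO_HOSTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def base(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()


def find_dropped_exe_executions(events):
    """Executes dropped EXE: a file created by one process (11) later appears
    as the Image of a process-create event (1)."""
    dropped = {}   # lower-cased path -> pid that wrote it
    hits = []
    for ev in events:
        if ev["EventID"] == 11:
            dropped[ev["TargetFilename"].lower()] = ev["ProcessId"]
        elif ev["EventID"] == 1 and ev["Image"].lower() in dropped:
            hits.append({"rule": "Executes dropped EXE", "pid": ev["ProcessId"],
                         "image": ev["Image"],
                         "dropped_by": dropped[ev["Image"].lower()]})
    return hits


def find_run_key_persistence(events):
    """Adds Run key: a registry value set (13) under the CurrentVersion/Run key."""
    return [{"rule": "Adds Run key to start application", "pid": ev["ProcessId"],
             "value": ev["TargetObject"], "command": ev["Details"]}
            for ev in events
            if ev["EventID"] == 13 and RUN_KEY_MARKER in ev["TargetObject"].lower()]


def find_unexpected_children(events):
    """Unexpected child process: parent/child pairs that do not occur on a
    healthy host (svchost.exe not under services.exe, Office apps spawning a shell)."""
    hits = []
    for ev in events:
        if ev["EventID"] != 1:
            continue
        child, parent = base(ev["Image"]), base(ev["ParentImage"])
        reason = None
        if child == "svchost.exe" and parent != "services.exe":
            reason = "svchost.exe not started by services.exe"
        elif parent in MACRO_HOSTS and child in SHELLS:
            reason = f"{parent} spawned {child}"
        if reason:
            hits.append({"rule": "Process spawned unexpected child process",
                         "pid": ev["ProcessId"], "parent": ev["ParentImage"],
                         "reason": reason})
    return hits


def triage(events):
    """Run all rules and return the combined findings."""
    return (find_dropped_exe_executions(events)
            + find_run_key_persistence(events)
            + find_unexpected_children(events))


if __name__ == "__main__":
    for hit in triage(EVENTS):
        print(hit)
```

On the constructed events the three rules fire once each: the dropped file is executed by the sample (pid 1100), the Run value points at the dropped file, and the SysWOW64 svchost.exe launched by the payload is flagged while the one under services.exe is not. Real Sysmon data needs the same rules applied per host and ordered by timestamp, since the dropped-EXE rule depends on seeing the file-create before the process-create.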