General

Target: 0198d3609be6a16c0dd93cb6a556211c_JaffaCakes118
Size: 114KB
Sample: 240620-be8t3svbnn
MD5: 0198d3609be6a16c0dd93cb6a556211c
SHA1: 723901ac6d61e2d347a235c1dcbb9b920b4c2957
SHA256: 192854290a20eb1447bd20ff13bea6a866b3a215f73189ee57b8f6a2fd61c46b
SHA512: 754c583c334f8fe7120a866b4634f6433948070cb4ee3e79b80962932c3bbdd3b0bd912f9eef71193b62a8229039a6a15b020817f75271b4894e16f0fe3e900f
SSDEEP: 3072:QoHGuvSzUynWqQ0bdtfq+UyfU7C7WaUcp010+/:QMTqfWqRqJyJK/l5
Behavioral tasks

behavioral1
Sample: 0198d3609be6a16c0dd93cb6a556211c_JaffaCakes118.exe
Resource: win7-20240221-en

behavioral2
Sample: 0198d3609be6a16c0dd93cb6a556211c_JaffaCakes118.exe
Resource: win10v2004-20240611-en
Malware Config

Targets

Target: 0198d3609be6a16c0dd93cb6a556211c_JaffaCakes118
Size: 114KB
MD5 / SHA1 / SHA256 / SHA512 / SSDEEP: identical to the values listed under General above
Score: 10/10

Family: ModiLoader, DBatLoader
ModiLoader is a Delphi-written loader that abuses legitimate cloud services to host and download the next-stage payloads of other malware families.

Signatures:
- Modifies firewall policy service
- ModiLoader Second Stage
- Drops file in System32 directory
- Suspicious use of SetThreadContext
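The four signature names above are the only detection detail the report gives. As an added example (not part of the sandbox report, and not the sandbox vendor's rule logic), the Python below shows one plausible way three of them can be expressed over an API/registry/file event trace: "Suspicious use of SetThreadContext" is interpreted here as the cross-process hollowing sequence (CreateProcess with CREATE_SUSPENDED, WriteProcessMemory into the child, SetThreadContext on its thread), "Modifies firewall policy service" as a write under the Windows Firewall policy registry key, and "Drops file in System32 directory" as a create/write beneath C:\Windows\System32. "ModiLoader Second Stage" is a family-specific rule whose contents the page does not state, so it is deliberately not modelled. The registry path, the event schema, and both traces are constructed assumptions for illustration; the traces are not this sample's actual behaviour.

```python
"""Added example: approximate three sandbox behavioural signatures over a
constructed event trace. Rules, constants and traces are illustrative
assumptions, not the sandbox vendor's signatures or this sample's real trace.
"""
from collections import defaultdict

# Assumed: registry root the Windows Firewall service reads its policy from.
FIREWALL_POLICY_KEY = (
    r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"
)
SYSTEM32_DIR = r"C:\Windows\System32"
CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess*


def _under(path, root):
    """Case-insensitive 'path equals root or lies beneath root' for Windows paths."""
    p, r = path.lower().rstrip("\\"), root.lower().rstrip("\\")
    return p == r or p.startswith(r + "\\")


def scan_trace(events):
    """Return the sorted list of signature names triggered by `events`.

    Each event is (pid, kind, data) with kind in {"api", "registry", "file"}.
    """
    hits = set()
    suspended = defaultdict(set)  # creator pid -> child pids created suspended
    thread_owner = {}             # tid -> owning pid, learned from CreateProcess
    written = defaultdict(set)    # writer pid -> target pids it wrote memory into

    for pid, kind, d in events:
        if kind == "api":
            name, args, ret = d["name"], d.get("args", {}), d.get("ret", {})
            if name.startswith("CreateProcess"):
                if "tid" in ret:
                    thread_owner[ret["tid"]] = ret["pid"]
                if args.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
                    suspended[pid].add(ret["pid"])
            elif name == "WriteProcessMemory":
                written[pid].add(args["pid"])
            elif name == "SetThreadContext":
                target = thread_owner.get(args["tid"])
                # Rewriting the start context of a child the caller created
                # suspended and already wrote into is the hollowing pattern;
                # SetThreadContext on the caller's own threads does not count.
                if (target is not None and target != pid
                        and target in suspended[pid] and target in written[pid]):
                    hits.add("Suspicious use of SetThreadContext")
        elif kind == "registry":
            if (d["op"] in ("SetValue", "CreateKey", "DeleteValue")
                    and _under(d["key"], FIREWALL_POLICY_KEY)):
                hits.add("Modifies firewall policy service")
        elif kind == "file":
            if d["op"] in ("Create", "Write") and _under(d["path"], SYSTEM32_DIR):
                hits.add("Drops file in System32 directory")
    return sorted(hits)


# Constructed trace (assumption, not the sample's real behaviour): a loader
# hollows a suspended child, whitelists itself in the firewall policy, and
# drops a file into System32.
HOLLOWING_TRACE = [
    (1000, "api", {"name": "CreateProcessW",
                   "args": {"lpApplicationName": SYSTEM32_DIR + r"\svchost.exe",
                            "dwCreationFlags": CREATE_SUSPENDED},
                   "ret": {"pid": 2000, "tid": 2001}}),
    (1000, "api", {"name": "WriteProcessMemory", "args": {"pid": 2000, "size": 0x1C000}}),
    (1000, "api", {"name": "SetThreadContext", "args": {"tid": 2001}}),
    (1000, "api", {"name": "ResumeThread", "args": {"tid": 2001}}),
    (1000, "registry", {"op": "SetValue",
                        "key": FIREWALL_POLICY_KEY
                        + r"\StandardProfile\AuthorizedApplications\List"}),
    (1000, "file", {"op": "Create", "path": SYSTEM32_DIR + r"\example_dropped.dll"}),
]

# Constructed benign trace: a normal child process, SetThreadContext on a thread
# the caller did not create via a suspended CreateProcess, and a read (not a
# write) of a System32 file. None of these should fire.
BENIGN_TRACE = [
    (3000, "api", {"name": "CreateProcessW", "args": {"dwCreationFlags": 0},
                   "ret": {"pid": 3100, "tid": 3101}}),
    (3000, "api", {"name": "SetThreadContext", "args": {"tid": 3001}}),
    (3000, "file", {"op": "Read", "path": SYSTEM32_DIR + r"\kernel32.dll"}),
]

if __name__ == "__main__":
    print(scan_trace(HOLLOWING_TRACE))
    print(scan_trace(BENIGN_TRACE))
```

The SetThreadContext rule is deliberately stateful: a bare SetThreadContext call is common in debuggers and exception handling, so the check only fires when the same process created the target suspended and wrote into it first, which is the ordering a hollowing loader needs before ResumeThread.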