General
-
Target
065b2d1031f076b64d36e0388f2e42aa_JaffaCakes118
-
Size
94KB
-
Sample
240620-qk6dgazbnc
-
MD5
065b2d1031f076b64d36e0388f2e42aa
-
SHA1
1bdc00278d19b52173cc0c1c25bcd0e1582a3cbb
-
SHA256
1f3c90b57e79fc9b9ffcac77fd2003c53b68b44f34b65fb1bc0016331a2593e9
-
SHA512
dccf8026ebf593e795fd5c426eed9c60823b3fccbf4b43842b7c34501871b16463f5ee9319c7d55ae777a2188d22aeb516ee62873addcc99abb5eb3f3dc13742
-
SSDEEP
1536:f8gKXD4lYp+FGfBoPBWNdNe0RjoypTvMfx6Bvb5JidW2ATW6046mQ:f8g+8WGkdA091kfUBj5JSQI
Behavioral task
behavioral1
Sample
065b2d1031f076b64d36e0388f2e42aa_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
065b2d1031f076b64d36e0388f2e42aa_JaffaCakes118.exe
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
065b2d1031f076b64d36e0388f2e42aa_JaffaCakes118
-
Size
94KB
-
MD5
065b2d1031f076b64d36e0388f2e42aa
-
SHA1
1bdc00278d19b52173cc0c1c25bcd0e1582a3cbb
-
SHA256
1f3c90b57e79fc9b9ffcac77fd2003c53b68b44f34b65fb1bc0016331a2593e9
-
SHA512
dccf8026ebf593e795fd5c426eed9c60823b3fccbf4b43842b7c34501871b16463f5ee9319c7d55ae777a2188d22aeb516ee62873addcc99abb5eb3f3dc13742
-
SSDEEP
1536:f8gKXD4lYp+FGfBoPBWNdNe0RjoypTvMfx6Bvb5JidW2ATW6046mQ:f8g+8WGkdA091kfUBj5JSQI
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-