General
-
Target
06edf9e5b3d6495566399c3d501ae4cf_JaffaCakes118
-
Size
684KB
-
Sample
240620-r2xckasfnd
-
MD5
06edf9e5b3d6495566399c3d501ae4cf
-
SHA1
37e65972e8c58278932bad3e682516205aed3bae
-
SHA256
f35a3199b34c54e7c3c6f848b71bf6a35cd6f993a047a338ff07da449c44c34d
-
SHA512
49cee0e1e93ec70de646bb7824370711ab077fbc005dd3cd0c65e24ef357d52af053786e8f2c4a9d945fdf31228d2f0945cd713a9e844409ec1e9b91162b3926
-
SSDEEP
12288:KwcvqRrloU/SpmY8rpDPtxwsKHEWpC+ntF3Z4mxx90MHoTAFb/:yg8mDrprtaACbntQmX9KU
Static task
static1
Behavioral task
behavioral1
Sample
06edf9e5b3d6495566399c3d501ae4cf_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
06edf9e5b3d6495566399c3d501ae4cf_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
06edf9e5b3d6495566399c3d501ae4cf_JaffaCakes118
-
Size
684KB
-
MD5
06edf9e5b3d6495566399c3d501ae4cf
-
SHA1
37e65972e8c58278932bad3e682516205aed3bae
-
SHA256
f35a3199b34c54e7c3c6f848b71bf6a35cd6f993a047a338ff07da449c44c34d
-
SHA512
49cee0e1e93ec70de646bb7824370711ab077fbc005dd3cd0c65e24ef357d52af053786e8f2c4a9d945fdf31228d2f0945cd713a9e844409ec1e9b91162b3926
-
SSDEEP
12288:KwcvqRrloU/SpmY8rpDPtxwsKHEWpC+ntF3Z4mxx90MHoTAFb/:yg8mDrprtaACbntQmX9KU
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-