General
-
Target
0718c590352a10a5fb647c775059f447_JaffaCakes118
-
Size
589KB
-
Sample
240620-sf581stdnc
-
MD5
0718c590352a10a5fb647c775059f447
-
SHA1
ef7037a97789c9670c60a02395aaebcc739652fc
-
SHA256
bb60fd410e1a3fd36f5d8e43ff0e5534dc2a2765ae2a3000a8d14b9304d1bd92
-
SHA512
169985b972ec6a9d62618dbd6912bd446ac0b452d935c95340fa3cc3450f8f59b5f82ac4def5ab2e58da2dfb1190af8f56e42911d2c128321f2bf243231b9d07
-
SSDEEP
12288:Let/IVLAmSdWnrdDWK+XRHWPKcPn+vF3Z4mxxvYJphAR2USG4:LcgOmqWrdDWfHWScwQmXvYaR2USG4
Static task
static1
Behavioral task
behavioral1
Sample
0718c590352a10a5fb647c775059f447_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
0718c590352a10a5fb647c775059f447_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
0718c590352a10a5fb647c775059f447_JaffaCakes118
-
Size
589KB
-
MD5
0718c590352a10a5fb647c775059f447
-
SHA1
ef7037a97789c9670c60a02395aaebcc739652fc
-
SHA256
bb60fd410e1a3fd36f5d8e43ff0e5534dc2a2765ae2a3000a8d14b9304d1bd92
-
SHA512
169985b972ec6a9d62618dbd6912bd446ac0b452d935c95340fa3cc3450f8f59b5f82ac4def5ab2e58da2dfb1190af8f56e42911d2c128321f2bf243231b9d07
-
SSDEEP
12288:Let/IVLAmSdWnrdDWK+XRHWPKcPn+vF3Z4mxxvYJphAR2USG4:LcgOmqWrdDWfHWScwQmXvYaR2USG4
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-