General
Target: 0812ca75d13ff0ed86bc29edbed3cc94_JaffaCakes118
Size: 682KB
Sample: 240620-vpetjasfrp
MD5: 0812ca75d13ff0ed86bc29edbed3cc94
SHA1: f05fa0e094648ad88340858e105e30b9b95699d1
SHA256: c3a2a615367c4146d9d18fbf212469599fec07f8ccdb38e5e8fa5036f899a6eb
SHA512: 5cbdfcbb7e5bf6acb7f8bc245fed032a7914d68760b55f359d35a4b5fbfcb350a0a6989c0f7f6f815c2c658d79e821f38f25f5d2b620d643a94a49fc984849d1
SSDEEP: 12288:GCak3wugOJ63b6colgOcIdA6cyhnUF3Z4mxxnsqWmXAnMECUQIZ1D6BF:Fa9ugOUr6TKsWSUQmXsPyAnMECT4gF
Static task: static1
Behavioral task: behavioral1
Sample: 0812ca75d13ff0ed86bc29edbed3cc94_JaffaCakes118.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: 0812ca75d13ff0ed86bc29edbed3cc94_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Targets
Score: 10/10
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext