General
Target: 08d2170af43c86ed97d0dac1ff5dda13_JaffaCakes118
Size: 464KB
Sample: 240620-xhzapssekf
MD5: 08d2170af43c86ed97d0dac1ff5dda13
SHA1: 1a392945351dcf710e5ff89bbd84e4ca0042d018
SHA256: def80d52865a8f5abe1a54989c9869c456f8c2d9722a82dde46f0822ce403977
SHA512: 1f5920c454955f939d2c8be06282a48342b70fd9c2c5f110ec1fa2c3e94d254192404218a1c0608dd5351c8794155ada85a0b2d964f53448a2b846ebf32fab6a
SSDEEP: 6144:VGfbCSJRNESQN53Bf/SWCjNW5uo5McluV67JAI58JLexotC+PrrBO8FL02QFWz/t:gEr93Co5uo2hQKJ20s8F42mSVUDu
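Before working from this report, confirm that the file in hand is the one the hashes describe. The following is an added example, not part of the sandbox report and not the sandbox's own tooling: it parses the report's key/value listing (accepting both the flattened two-line layout of this export and a one-line "Key: value" layout), sanity-checks digest lengths and the ssdeep block size, and compares every listed digest against the bytes actually obtained. The byte string b"abc" used in the demo is a constructed stand-in; the real sample is not on this page.

```python
import hashlib
import hmac

# The report's "General" block as it appears on the page (flattened export:
# each key on one line, its value on the next, "-" between entries).
REPORT_GENERAL = """\
Target
08d2170af43c86ed97d0dac1ff5dda13_JaffaCakes118
-
Size
464KB
-
Sample
240620-xhzapssekf
-
MD5
08d2170af43c86ed97d0dac1ff5dda13
-
SHA1
1a392945351dcf710e5ff89bbd84e4ca0042d018
-
SHA256
def80d52865a8f5abe1a54989c9869c456f8c2d9722a82dde46f0822ce403977
-
SHA512
1f5920c454955f939d2c8be06282a48342b70fd9c2c5f110ec1fa2c3e94d254192404218a1c0608dd5351c8794155ada85a0b2d964f53448a2b846ebf32fab6a
-
SSDEEP
6144:VGfbCSJRNESQN53Bf/SWCjNW5uo5McluV67JAI58JLexotC+PrrBO8FL02QFWz/t:gEr93Co5uo2hQKJ20s8F42mSVUDu
"""

# Hex length each digest must have; anything shorter is a truncated copy.
DIGEST_HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


def parse_report_block(text):
    """Read a report block into a dict, accepting either the flattened
    key / value / '-' layout or one 'Key: value' pair per line."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and ln != "-"]
    fields, i = {}, 0
    while i < len(lines):
        if ": " in lines[i]:
            key, value = lines[i].split(": ", 1)
            i += 1
        else:
            if i + 1 >= len(lines):
                raise ValueError(f"key {lines[i]!r} has no value line")
            key, value = lines[i], lines[i + 1]
            i += 2
        fields[key] = value
    return fields


def check_digest_lengths(fields):
    """True when every digest present has the full hex length for its algorithm."""
    return all(len(fields[k]) == n for k, n in DIGEST_HEX_LEN.items() if k in fields)


def parse_ssdeep(sig):
    """Split 'blocksize:hash1:hash2' and reject implausible block sizes
    (ssdeep block sizes are 3 * 2**n, so 6144 = 3 * 2**11 is legitimate)."""
    parts = sig.split(":")
    if len(parts) != 3:
        raise ValueError("ssdeep signature needs exactly three colon-separated fields")
    blocksize = int(parts[0])
    n = blocksize // 3
    if blocksize % 3 or n < 1 or n & (n - 1):
        raise ValueError(f"implausible ssdeep block size {blocksize}")
    return blocksize, parts[1], parts[2]


def verify_sample(data, expected):
    """Compare the digests a report lists against the bytes you actually hold.
    Returns {algorithm: matched}; any False means this is not the reported file."""
    results = {}
    for key in DIGEST_HEX_LEN:
        if key in expected:
            digest = hashlib.new(key.lower(), data).hexdigest()
            results[key] = hmac.compare_digest(digest, expected[key].lower())
    return results


def all_match(results):
    return bool(results) and all(results.values())


if __name__ == "__main__":
    fields = parse_report_block(REPORT_GENERAL)
    print("digest lengths ok:", check_digest_lengths(fields))
    print("ssdeep:", parse_ssdeep(fields["SSDEEP"]))
    # b"abc" is a constructed stand-in; the real sample is not on the page.
    print("stand-in matches report:", all_match(verify_sample(b"abc", fields)))
```

A single mismatching algorithm is enough to reject the file; agreeing on MD5 alone is not, since MD5 collisions are practical. The ssdeep check only validates the signature's shape; computing a fuzzy-hash similarity needs the ssdeep library itself.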
Static task: static1
Behavioral task: behavioral1
  Sample: 08d2170af43c86ed97d0dac1ff5dda13_JaffaCakes118.exe
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: 08d2170af43c86ed97d0dac1ff5dda13_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
Malware Config
Targets
Target: 08d2170af43c86ed97d0dac1ff5dda13_JaffaCakes118
Score: 10/10
Families: ModiLoader, DBatLoader
ModiLoader (also tracked as DBatLoader) is a loader written in Delphi that abuses legitimate cloud storage services to download and run other malware families.
Signatures
- ModiLoader Second Stage
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext (rewriting another thread's register context is the step that process hollowing and similar injection techniques depend on, so read this hit together with the dropped-EXE and dropped-DLL hits)
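The report does not say which call sequence tripped "Suspicious use of SetThreadContext", but the pattern such a signature most often catches is process hollowing: create a child suspended, write a payload into it, rewrite its primary thread's context, then resume it. The following added example (not part of the report, and not the sandbox's own detection logic) implements that check over a constructed API trace. The `pid api key=value` line format, the PIDs, TIDs and image paths are all invented for illustration; a SetThreadContext on a thread that was never created suspended by the caller, or whose process never received a WriteProcessMemory, deliberately does not fire.

```python
from collections import namedtuple

# CreateProcess creation flag that starts the child's primary thread suspended.
CREATE_SUSPENDED = 0x00000004

Event = namedtuple("Event", "pid api args")

# Constructed API trace in a "pid api key=value ..." form, standing in for a
# sandbox's per-process call log. PIDs, TIDs and paths are invented; none of
# this is output from the report on this page.
TRACE = """\
1204 CreateProcessW image=C:\\Windows\\SysWOW64\\svchost.exe flags=0x4 child_pid=1320 child_tid=1324
1204 VirtualAllocEx target_pid=1320 size=0x3c000 protect=0x40
1204 WriteProcessMemory target_pid=1320 size=0x3c000
1204 GetThreadContext target_tid=1324
1204 SetThreadContext target_tid=1324
1204 ResumeThread target_tid=1324
1204 DeleteFileW path=C:\\Users\\Public\\stage1.exe
1500 CreateProcessW image=C:\\Windows\\System32\\notepad.exe flags=0x0 child_pid=1600 child_tid=1604
1500 SetThreadContext target_tid=1700
"""


def parse_trace(text):
    """Parse 'pid api key=value ...' lines into Event tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, *pairs = line.split()
        args = dict(p.split("=", 1) for p in pairs)
        events.append(Event(int(pid), api, args))
    return events


def detect_hollowing(events):
    """Alert when a process creates a child suspended, writes into it, and then
    calls SetThreadContext on that child's primary thread. SetThreadContext on
    any other thread (the second process in TRACE) is ignored."""
    suspended = {}   # child_tid -> (creator_pid, child_pid, image)
    written = set()  # child PIDs that received WriteProcessMemory
    alerts = []
    for ev in events:
        a = ev.args
        if ev.api == "CreateProcessW" and int(a.get("flags", "0"), 16) & CREATE_SUSPENDED:
            suspended[int(a["child_tid"])] = (ev.pid, int(a["child_pid"]), a["image"])
        elif ev.api == "WriteProcessMemory":
            written.add(int(a["target_pid"]))
        elif ev.api == "SetThreadContext":
            tid = int(a["target_tid"])
            hit = suspended.get(tid)
            if hit and hit[0] == ev.pid and hit[1] in written:
                alerts.append({"pid": ev.pid, "child_pid": hit[1],
                               "image": hit[2], "tid": tid})
    return alerts


if __name__ == "__main__":
    for alert in detect_hollowing(parse_trace(TRACE)):
        print("suspicious SetThreadContext:", alert)
```

Requiring all three links of the chain (suspended create, remote write, context rewrite by the same creator) keeps debuggers and legitimate thread management from firing the rule; a production version would also correlate the ResumeThread and the image path of the hollowed child with the "Executes dropped EXE" events.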