General
Target: 0abe87c40812b5fc4246f2b40ad9254c_JaffaCakes118
Size: 232KB
Sample: 240621-lmk34ayejq
MD5: 0abe87c40812b5fc4246f2b40ad9254c
SHA1: b4cada7eb58eb8643d3423870907869fe1d22ed6
SHA256: a79352b5c3c5c0b957799f3025a499b97b9af0bb8126a2ebfd87cf2c2fd303b0
SHA512: f26ed5505d500ff5c3c311173db21081b590656586610b89106f8482e4a41d6823650a266f7f6f6d7e7260af32f6f60a6173c5bd1356eb366fb19d3ca01c80d7
SSDEEP: 3072:tLCnfucn+b9xvsnOOS2oKISOm7cn+egnbexRewT3:t4OHsnO6Os7cn+Pq
Behavioral task: behavioral1
Sample: 0abe87c40812b5fc4246f2b40ad9254c_JaffaCakes118.exe
Resource: win7-20240220-en

Behavioral task: behavioral2
Sample: 0abe87c40812b5fc4246f2b40ad9254c_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: 0abe87c40812b5fc4246f2b40ad9254c_JaffaCakes118
Score: 10/10
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Modifies WinLogon for persistence
- ModiLoader Second Stage
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext