General
-
Target
22a803b6d4daa8deb6bb444fda3bbc85_JaffaCakes118
-
Size
492KB
-
Sample
240703-rkg7basbkg
-
MD5
22a803b6d4daa8deb6bb444fda3bbc85
-
SHA1
1c061aaae1077a30dd8a209c47256cc4be02df8e
-
SHA256
7b9c293a82cc188bdaccd1aeeee5169819060622a75c4ea953613f30595be1f6
-
SHA512
bd7b6aaaa5e69ca93ed50debd8a8f3eb29997cb560bd395b05a4e7450416ff9d99b03b5346b9fba7b6aea5aee52a50847c5a5c55c2ec5f09373e7dc7646dc784
-
SSDEEP
12288:AjuTkMa586N2rAs3e3D35UQpXyjWz8iu6pqXALLbr2U7QFxyzw:AsUNl6yD2KXYWzj3rZQFz
Static task
static1
Behavioral task
behavioral1
Sample
22a803b6d4daa8deb6bb444fda3bbc85_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
22a803b6d4daa8deb6bb444fda3bbc85_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
22a803b6d4daa8deb6bb444fda3bbc85_JaffaCakes118
-
Size
492KB
-
MD5
22a803b6d4daa8deb6bb444fda3bbc85
-
SHA1
1c061aaae1077a30dd8a209c47256cc4be02df8e
-
SHA256
7b9c293a82cc188bdaccd1aeeee5169819060622a75c4ea953613f30595be1f6
-
SHA512
bd7b6aaaa5e69ca93ed50debd8a8f3eb29997cb560bd395b05a4e7450416ff9d99b03b5346b9fba7b6aea5aee52a50847c5a5c55c2ec5f09373e7dc7646dc784
-
SSDEEP
12288:AjuTkMa586N2rAs3e3D35UQpXyjWz8iu6pqXALLbr2U7QFxyzw:AsUNl6yD2KXYWzj3rZQFz
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modifies visiblity of hidden/system files in Explorer
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-