General
- Target: 2328c35aedd4cc8cff4a2e28321f4edc_JaffaCakes118
- Size: 1.7MB
- Sample: 240703-vq77ga1fld
- MD5: 2328c35aedd4cc8cff4a2e28321f4edc
- SHA1: 230b4fa97083f58ae579f79aa3cc53f0a56cef63
- SHA256: 013d7fd9b2f226b98f2a9bd0ab4f839b9b45873877a0e6c6c7e951acf04a9571
- SHA512: ca5b1780780b933f5bd74b77a5ef3c9b5295f2577fd7baa2bb2c34392991beb0071c91644b69bb229ef907e3cf733c08c749e5bfb8c6371a6d17678bbba90cee
- SSDEEP: 49152:neXsTMq8Bgk/gDtzEfci/aDbXvJcgE9ckb6F0ncn7GY0a:nuwNo2pIfca2RR0b6F0ncn7GY0a
Static task: static1
Behavioral task: behavioral1
  Sample: 2328c35aedd4cc8cff4a2e28321f4edc_JaffaCakes118.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 2328c35aedd4cc8cff4a2e28321f4edc_JaffaCakes118.exe
  Resource: win10v2004-20240611-en
Malware Config
Targets
- Target: 2328c35aedd4cc8cff4a2e28321f4edc_JaffaCakes118
- Size: 1.7MB
- MD5: 2328c35aedd4cc8cff4a2e28321f4edc
- SHA1: 230b4fa97083f58ae579f79aa3cc53f0a56cef63
- SHA256: 013d7fd9b2f226b98f2a9bd0ab4f839b9b45873877a0e6c6c7e951acf04a9571
- SHA512: ca5b1780780b933f5bd74b77a5ef3c9b5295f2577fd7baa2bb2c34392991beb0071c91644b69bb229ef907e3cf733c08c749e5bfb8c6371a6d17678bbba90cee
- SSDEEP: 49152:neXsTMq8Bgk/gDtzEfci/aDbXvJcgE9ckb6F0ncn7GY0a:nuwNo2pIfca2RR0b6F0ncn7GY0a
Score: 10/10
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Drops file in System32 directory
- Suspicious use of SetThreadContext