General
- Target: 253904f5391156c3245b06fb8b3febed_JaffaCakes118
- Size: 604KB
- Sample: 240704-j1vhks1hnn
- MD5: 253904f5391156c3245b06fb8b3febed
- SHA1: 7c627fccc08784a8d906b96a24a5f61c3e9f4d8f
- SHA256: c78c5d1eebefcdf63b79aa5498b47d86b1a884cc0f42bc36ed6948f009250a84
- SHA512: ff2e8f99c688712356b8d3ef95baa120b24d98579c0ed6fa2645832fc7b6451ea4bb94a916970d4b1417f2d69e8f7816e8229d7c243a3569645101bf1cba7d44
- SSDEEP: 12288:nZrHpXwLT/99MSZXj9mklGIGyJj8A//yoUfGF3Z4mxxPF1xaZFIF8toQoIBQ:ZrpA//oSF9mkkIhJjX/xUuQmXNXaO8ta
Static task: static1
Behavioral task: behavioral1
- Sample: 253904f5391156c3245b06fb8b3febed_JaffaCakes118.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 253904f5391156c3245b06fb8b3febed_JaffaCakes118.exe
- Resource: win10v2004-20240611-en
Malware Config
Targets
- Target: 253904f5391156c3245b06fb8b3febed_JaffaCakes118 (604KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Score: 10/10
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
- Suspicious use of SetThreadContext