General
-
Target
25323f0cd56df37d73ac6618f7d9d2a9_JaffaCakes118
-
Size
627KB
-
Sample
240704-jtyxestejh
-
MD5
25323f0cd56df37d73ac6618f7d9d2a9
-
SHA1
339dac0ee3aeae7c9c9c917ba5c78d7ce2a22d53
-
SHA256
5e565d6153fe75bfba55c5ba871d87ff21c4a80e303f017f703ed46d12ec6d19
-
SHA512
bf97527aa3fbf3fd452b782f55fc0f2091f56cd8c2e1c65e86253455d42fd717d0271308e7a16b7663c4d89a880d9fc4ae5eb257b5396f8c91b1d242b87a789c
-
SSDEEP
12288:pVCBiA5Kz73V6Uddxt3tF3Z4mxxEDqVTVOChUO:+XKz7l6UddxhtQmXzVTzhUO
Static task
static1
Behavioral task
behavioral1
Sample
25323f0cd56df37d73ac6618f7d9d2a9_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
25323f0cd56df37d73ac6618f7d9d2a9_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
25323f0cd56df37d73ac6618f7d9d2a9_JaffaCakes118
-
Size
627KB
-
MD5
25323f0cd56df37d73ac6618f7d9d2a9
-
SHA1
339dac0ee3aeae7c9c9c917ba5c78d7ce2a22d53
-
SHA256
5e565d6153fe75bfba55c5ba871d87ff21c4a80e303f017f703ed46d12ec6d19
-
SHA512
bf97527aa3fbf3fd452b782f55fc0f2091f56cd8c2e1c65e86253455d42fd717d0271308e7a16b7663c4d89a880d9fc4ae5eb257b5396f8c91b1d242b87a789c
-
SSDEEP
12288:pVCBiA5Kz73V6Uddxt3tF3Z4mxxEDqVTVOChUO:+XKz7l6UddxhtQmXzVTzhUO
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-