General
- Target: 72bbc0dbb3f8af22fbb9488ef2fa3cab_JaffaCakes118
- Size: 899KB
- Sample: 240726-f2ea7s1hrh
- MD5: 72bbc0dbb3f8af22fbb9488ef2fa3cab
- SHA1: d9d00a104ba94d137d506411768af11e4b94bb73
- SHA256: 1ad413106af0ac0906c196f7dd5666976c5d70840af75610657c6e7ace80fad5
- SHA512: 5871033c98e82d278ff65d633867a792b5001afb3c1dc00ae2f35e0028162aa2a8be6e605c2ab95f5e9e28d63a741203632bc9f86a22fc99d2778136fcc5333e
- SSDEEP: 24576:tUENq+CsnkM7WVZGrR44jeaXhMzdqTZZClCBk7RG:tzqC6jGt9CaXKhqTTClCBORG
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 72bbc0dbb3f8af22fbb9488ef2fa3cab_JaffaCakes118.exe
  - Resource: win7-20240708-en
Behavioral task
- behavioral2
  - Sample: 72bbc0dbb3f8af22fbb9488ef2fa3cab_JaffaCakes118.exe
  - Resource: win10v2004-20240709-en
Malware Config
Targets
- Target: 72bbc0dbb3f8af22fbb9488ef2fa3cab_JaffaCakes118
Score: 10/10
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- ACProtect 1.3x - 1.4x DLL software: Detects a file using ACProtect software.
- Loads dropped DLL
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of SetThreadContext