Behavioral task
behavioral1
Sample
Bank Details Changed..exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
Bank Details Changed..exe
Resource
win10v2004-20240802-en
General
-
Target
ae887d49b6ef4bab22df1aef6a82d37f_JaffaCakes118
-
Size
401KB
-
MD5
ae887d49b6ef4bab22df1aef6a82d37f
-
SHA1
1c46dc0506cff513e43d2b3ee00eb9afcfadb7ee
-
SHA256
92e4d0425add471bb8ef19a26ffcd2bf65afa6819f05f8473eb3f8d46a4bdc0f
-
SHA512
cb4bb72fd4a8dfecd06bc67aeb31f1b7aef95b99730f41780d7fb4c4704f9a05e1087041a625f7358697f045daf7ecc111d99fd668c455130ee2b67736ec217f
-
SSDEEP
6144:mFMWOX2oDq4wlD2fbAJ8uAHMzvbMDvHaQHrx8jSYaq5MYljQ4d/U6zDmWzfzzu:tWOTDq4DAJP+xv6QLkSY3+M/B3tzfW
Malware Config
Signatures
-
ModiLoader First Stage 1 IoCs
resource yara_rule static1/unpack002/Bank Details Changed..exe modiloader_stage1 -
Modiloader family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack002/Bank Details Changed..exe
Files
-
ae887d49b6ef4bab22df1aef6a82d37f_JaffaCakes118.ace
-
out.ace.ace
-
Bank Details Changed..exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 595KB - Virtual size: 595KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 425KB - Virtual size: 424KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 3KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 16B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 157KB - Virtual size: 156KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ