General
-
Target
dde9951e574d4ead556af8484550bb38_JaffaCakes118
-
Size
287KB
-
Sample
240913-ht4l8s1bjf
-
MD5
dde9951e574d4ead556af8484550bb38
-
SHA1
98a2fea1d72a093566acfc6d63d2eb1f9159ff3f
-
SHA256
2da221ecdec8391f2fe0886c23fba33a0d8a3c1b13159f26b8a72f71e3e45719
-
SHA512
392209ed62f189c30b071a244804b61a436a0601feefa7b0c9fe4ff7370aba641fe69c9d7325bfa560b35557ec7664af63da40622dde991aba31c2f34a720de9
-
SSDEEP
6144:P8urraTBw8Lib2qX2T+jFMsK3gZii6IaLzU/8g0km8UEpSmEoCJI2itP3N7FY/LY:0urrsWbXX2TyysK3gZii6IMzU/rfm8U6
Behavioral task
behavioral1
Sample
dde9951e574d4ead556af8484550bb38_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
dde9951e574d4ead556af8484550bb38_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
dde9951e574d4ead556af8484550bb38_JaffaCakes118
-
Score
10/10
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-