General
Target: f94444f5677cd30b531e2d9eed40991c_JaffaCakes118
Size: 401KB
Sample: 240926-2df1sa1crl
MD5: f94444f5677cd30b531e2d9eed40991c
SHA1: e6ba439064ea61986b02da6f81c292365655a8ed
SHA256: 8bcb1707d05db21b67a7281b1a6a972ba3efc51e9b34259962a30215363b6cc3
SHA512: 3538bdebae89e4491d6e182bf3a606401b0528f0fa3bf699f71ef5cf1e0436f907552e19c4b80f2325d5a387aa259936906c5b1d2b412161f34da031fba619bc
SSDEEP: 6144:f0fl8CZlpC8wTTT7zYIpDG3tLLQQFk8vCi98E71K0n5DFDh2E+ccEoWTruCY5MVI:M99ZlQ2QYk8TKE7U0tRhciuzTD
Behavioral task: behavioral1
Sample: f94444f5677cd30b531e2d9eed40991c_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: f94444f5677cd30b531e2d9eed40991c_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: f94444f5677cd30b531e2d9eed40991c_JaffaCakes118
Score: 10/10
Family: ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
Signatures:
- ModiLoader Second Stage
- Checks computer location settings: looks up the country code configured in the registry, most likely a geofence check before the second stage runs.
- Executes dropped EXE
- Suspicious use of SetThreadContext: rewriting the context of a thread in another process is the usual final step of process hollowing, where the dropped or spawned process is made to run injected code.
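The three behavioural signatures above (geofence registry lookup, execution of a dropped executable, SetThreadContext against a foreign process) are each simple correlations over process events. The block below is an added example and is not code from tria.ge or from the ModiLoader sample: it replays those three signatures over constructed, sandbox-style events. The event tuple format is invented for the example, and the registry value `HKCU\Control Panel\International\Geo\Nation` is an assumption about what the location-settings signature keys on; the report itself does not name the key.

```python
# Added example, not part of the tria.ge report or of the ModiLoader sample:
# replay the three behavioural signatures listed above over constructed
# sandbox-style events. The event format is invented for this example, and the
# registry value HKCU\Control Panel\International\Geo\Nation is an assumption
# about what "Checks computer location settings" keys on.
from collections import defaultdict

# Constructed sample events: (pid, operation, target). Not telemetry from the report.
EVENTS = [
    (1000, "RegQueryValue", r"HKCU\Control Panel\International\Geo\Nation"),
    (1000, "FileWrite", r"C:\Users\Admin\AppData\Local\Temp\svhost.exe"),
    (1000, "CreateProcess", r"C:\Users\Admin\AppData\Local\Temp\svhost.exe"),
    (1000, "SetThreadContext", "pid:1024"),                       # thread in another process
    (1024, "SetThreadContext", "pid:1024"),                       # own process: not flagged
    (1024, "CreateProcess", r"C:\Windows\System32\notepad.exe"),  # not a dropped file
    (2000, "RegQueryValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"),
]

GEO_KEY_SUFFIX = r"\control panel\international\geo\nation"  # assumption, see above
EXEC_EXTENSIONS = (".exe", ".dll", ".scr")

SIG_GEOFENCE = "Checks computer location settings"
SIG_DROPPED = "Executes dropped EXE"
SIG_THREADCTX = "Suspicious use of SetThreadContext"


def evaluate(events):
    """Return {pid: [signature, ...]} for every pid that matched at least one.

    Signatures fire in event order and at most once per pid.
    """
    dropped = set()          # executable paths written during the run, by any pid
    hits = defaultdict(list)

    def fire(pid, name):
        if name not in hits[pid]:
            hits[pid].append(name)

    for pid, op, target in events:
        t = target.lower()
        if op == "RegQueryValue" and t.endswith(GEO_KEY_SUFFIX):
            fire(pid, SIG_GEOFENCE)
        elif op == "FileWrite" and t.endswith(EXEC_EXTENSIONS):
            dropped.add(t)
        elif op == "CreateProcess" and t in dropped:
            fire(pid, SIG_DROPPED)
        elif op == "SetThreadContext" and target != f"pid:{pid}":
            # Rewriting a thread context in a foreign process is the classic
            # process-hollowing step; touching a thread in your own process is ordinary.
            fire(pid, SIG_THREADCTX)
    return dict(hits)


if __name__ == "__main__":
    for pid, sigs in evaluate(EVENTS).items():
        print(pid, "->", ", ".join(sigs))
```

Run as a script it prints the one matching pid and its three signatures. The dropped-file set is shared across pids on purpose: a loader often writes the payload in one process and launches it from another, so a per-pid check would miss the "Executes dropped EXE" case. The foreign-process test for SetThreadContext is a heuristic, not a proof of hollowing; a real pipeline would pair it with WriteProcessMemory or a suspended CreateProcess in the same chain before raising the score.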