General
Target: fb552877d8149be7f988aa678c3d88ec_JaffaCakes118
Size: 144KB
Sample: 240928-c11k9svdrd
MD5: fb552877d8149be7f988aa678c3d88ec
SHA1: a1bc21102f3b0988b1f34970633d955e3184a1f0
SHA256: d44e1f4a6c188cdc3b0bd1e29e7979c228ed84b1f199abaffb7ac99244549aa7
SHA512: 9e7967ec67f13f99c5c5c7c6a7990940eb54c15981e4db27c771bb0d2d73fbec3bfb810558721be1f46f26726a1cc5c71ec1c27001e36e2e2bcb6be1628fa3a5
SSDEEP: 3072:bSWIjftsuB4Hf7b7uZo2KuNuMNTPvLFcv00Ej9s3aMEEU:ajP4HjbCLKCvDvkEja+R
Behavioral task behavioral1
Sample: fb552877d8149be7f988aa678c3d88ec_JaffaCakes118.exe
Resource: win7-20240729-en
Behavioral task behavioral2
Sample: fb552877d8149be7f988aa678c3d88ec_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Score: 10/10
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext