General
-
Target
80828eb47e291be6d463edf3f7a88e95_JaffaCakes118
-
Size
653KB
-
Sample
241030-21jp7ashme
-
MD5
80828eb47e291be6d463edf3f7a88e95
-
SHA1
88cd37807840b9200c950db176cf04d8daaa9839
-
SHA256
f5d35f53155706ec4493f30f3fe222f6166c5fad0f287e7707c1ac7c1ea7b407
-
SHA512
4ef278b28b82c317594930dfd73238dc979d45b24b5927af866a5026d0b2171810e42dfc3211411b6c67d230a362258c91754d1d5a2c7924c96eff01178266c3
-
SSDEEP
12288:r7FFqmbu5awoIa7spYJ2OmE+XneIfs4tbAAFTI1c2obY7UtJSQROk7mFGp:h65MJspYgbjXeIHtbrTaocgtncNGp
Static task
static1
Behavioral task
behavioral1
Sample
80828eb47e291be6d463edf3f7a88e95_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
80828eb47e291be6d463edf3f7a88e95_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
80828eb47e291be6d463edf3f7a88e95_JaffaCakes118
-
Size
653KB
-
MD5
80828eb47e291be6d463edf3f7a88e95
-
SHA1
88cd37807840b9200c950db176cf04d8daaa9839
-
SHA256
f5d35f53155706ec4493f30f3fe222f6166c5fad0f287e7707c1ac7c1ea7b407
-
SHA512
4ef278b28b82c317594930dfd73238dc979d45b24b5927af866a5026d0b2171810e42dfc3211411b6c67d230a362258c91754d1d5a2c7924c96eff01178266c3
-
SSDEEP
12288:r7FFqmbu5awoIa7spYJ2OmE+XneIfs4tbAAFTI1c2obY7UtJSQROk7mFGp:h65MJspYgbjXeIHtbrTaocgtncNGp
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Deletes itself
-
Executes dropped EXE
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-