General
-
Target
JaffaCakes118_581599111559af39d587c0a4ad7aec3c
-
Size
706KB
-
Sample
250115-qnmqjavqdp
-
MD5
581599111559af39d587c0a4ad7aec3c
-
SHA1
d4e5df9dbbb4ebc771b8335447db604e8f2fcd1f
-
SHA256
4bcbf3e1b8db650034045a3051c43678b90401525bb002c11b797b099e633166
-
SHA512
7664b7a8caf5f6088c733e71a0c62fd2462700e0d2dc68f95d0ef83701b3773156bd95afcf5a0c60a8afa4fdc925a487a6bdd1600067af686352749d900757a0
-
SSDEEP
12288:yrnDkr9EJIoNEiFEtCNVPMNbEziKR/60LF3Z4mxxYLPOwjLNkf4:ybAGhNEtCN2mjRPLQmXYawXNkg
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_581599111559af39d587c0a4ad7aec3c.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_581599111559af39d587c0a4ad7aec3c.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
JaffaCakes118_581599111559af39d587c0a4ad7aec3c
-
Size
706KB
-
MD5
581599111559af39d587c0a4ad7aec3c
-
SHA1
d4e5df9dbbb4ebc771b8335447db604e8f2fcd1f
-
SHA256
4bcbf3e1b8db650034045a3051c43678b90401525bb002c11b797b099e633166
-
SHA512
7664b7a8caf5f6088c733e71a0c62fd2462700e0d2dc68f95d0ef83701b3773156bd95afcf5a0c60a8afa4fdc925a487a6bdd1600067af686352749d900757a0
-
SSDEEP
12288:yrnDkr9EJIoNEiFEtCNVPMNbEziKR/60LF3Z4mxxYLPOwjLNkf4:ybAGhNEtCN2mjRPLQmXYawXNkg
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-