General
Target: 159e9824fb106c09042adc167d282d29_JaffaCakes118
Size: 405KB
Sample: 240627-l9vaaaycrq
MD5: 159e9824fb106c09042adc167d282d29
SHA1: bca18b9b043d9e060ecd390ae807efb18266ee8d
SHA256: aab3211eef5c876eb99106878ba63c29b05fa968b44b4a5c10977ccdcf4d12f6
SHA512: 57a11eaaa7d470fe7d8a5e75d5e1d1511dcefe7421c802fb295a308f81654fb0f09240e24f9104ea3ddd4d908114d6a4ac01e4d5feb215ccb841d4644f0c962b
SSDEEP: 6144:ydw6ZYyddSLWuM9w8MOnrjAHlNEsBz7L2293x8f5SoPDk8KFtEDrp9SVUKg93HYv:iZdTnF1nqaYz7Rgo86EDlo
Static task: static1
Behavioral task: behavioral1
  Sample: 159e9824fb106c09042adc167d282d29_JaffaCakes118.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 159e9824fb106c09042adc167d282d29_JaffaCakes118.exe
  Resource: win10v2004-20240611-en
Malware Config
Targets
Target: 159e9824fb106c09042adc167d282d29_JaffaCakes118
  Size: 405KB
  MD5: 159e9824fb106c09042adc167d282d29
  SHA1: bca18b9b043d9e060ecd390ae807efb18266ee8d
  SHA256: aab3211eef5c876eb99106878ba63c29b05fa968b44b4a5c10977ccdcf4d12f6
  SHA512: 57a11eaaa7d470fe7d8a5e75d5e1d1511dcefe7421c802fb295a308f81654fb0f09240e24f9104ea3ddd4d908114d6a4ac01e4d5feb215ccb841d4644f0c962b
  SSDEEP: 6144:ydw6ZYyddSLWuM9w8MOnrjAHlNEsBz7L2293x8f5SoPDk8KFtEDrp9SVUKg93HYv:iZdTnF1nqaYz7Rgo86EDlo
Score: 10/10
ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
ModiLoader Second Stage
Event Triggered Execution: Image File Execution Options Injection
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL