General
-
Target
174c85c315f791137ba772323832e3a8_JaffaCakes118
-
Size
684KB
-
Sample
240627-yhgw4azcmq
-
MD5
174c85c315f791137ba772323832e3a8
-
SHA1
51a1a72e1aa3c35872ec6b7f97cc81712e84bbaa
-
SHA256
e38c0d4a0dc32a7522228bc357288b2a848a85660ae5ee0224162823f6130026
-
SHA512
8f2510a4356deaca34f8be3c36802368acce2a79dac01645dfcf299e8ded3180ced8c0073cf931ec7200609203f955eaa1ab300eaad01e7a88775ab5fd54d70c
-
SSDEEP
12288:Ij2w3rk+yiBbhfHTtltLQ8UOYeCytF3Z4mxxdCpde+o1ZUT:IjzFBbhfzrtLx6eCytQmXdCphony
Static task
static1
Behavioral task
behavioral1
Sample
174c85c315f791137ba772323832e3a8_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
174c85c315f791137ba772323832e3a8_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
174c85c315f791137ba772323832e3a8_JaffaCakes118
-
Size
684KB
-
MD5
174c85c315f791137ba772323832e3a8
-
SHA1
51a1a72e1aa3c35872ec6b7f97cc81712e84bbaa
-
SHA256
e38c0d4a0dc32a7522228bc357288b2a848a85660ae5ee0224162823f6130026
-
SHA512
8f2510a4356deaca34f8be3c36802368acce2a79dac01645dfcf299e8ded3180ced8c0073cf931ec7200609203f955eaa1ab300eaad01e7a88775ab5fd54d70c
-
SSDEEP
12288:Ij2w3rk+yiBbhfHTtltLQ8UOYeCytF3Z4mxxdCpde+o1ZUT:IjzFBbhfzrtLx6eCytQmXdCphony
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-