General
Target: 1a63e8b57aa6899a77ad75e5cda324ed_JaffaCakes118
Size: 719KB
Sample: 240628-rax5sawdjq
MD5: 1a63e8b57aa6899a77ad75e5cda324ed
SHA1: 37dbb0fbb76ba2bdc79ef3c1b7c47826dd2e4cb6
SHA256: 1f606c4949123eef771fbfc9274e4451157d0780297bdd31bf14a2c73f61265e
SHA512: be8ffca96fdca5de1ae3bb6a79b39e7c5f96336d3dc07dee2842b14548b3787aba505dbfd850edc310da92ca7593ad2daa08c4189c962b5fcead1d82d0d5e337
SSDEEP: 12288:6XgPVmsO7H+JeYkZQors8sEyMGXxeOlX4EEPSwDfAmgBJbf8AwnBrRm8dZ/X:AoZ3J78GDX4bEmCb+rRvZ/X
Static task: static1
Behavioral task: behavioral1
  Sample: 1a63e8b57aa6899a77ad75e5cda324ed_JaffaCakes118.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 1a63e8b57aa6899a77ad75e5cda324ed_JaffaCakes118.exe
  Resource: win10v2004-20240611-en
Malware Config
Targets
Target: 1a63e8b57aa6899a77ad75e5cda324ed_JaffaCakes118
Score: 10/10
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of SetThreadContext