General
- Target: 1cf73dd6ce0f4ac9e3494f66cfa550ce_JaffaCakes118
- Size: 584KB
- Sample: 240701-3pr3vsxdja
- MD5: 1cf73dd6ce0f4ac9e3494f66cfa550ce
- SHA1: a2efbd237ee6f207fd92daef87ba4f95f5de1939
- SHA256: 836087923a0db9c86a26cb7ce157eb714dea1cfc4fe9aaa48be778d80639c665
- SHA512: 81de1cd7b2880c895ef10ae7372bea05fa5359375b8169c2bda09fa4c6d835823baaf546e2e940d595d41b0f11e7817103fc45a8213fd827e070b9d39f1eee6d
- SSDEEP: 12288:UuhA434w39sb+nLkmTJMLMF3Z4mxx5pMKFeESdApmsFZB4r:UKAsd39sb+L4MQmXVVHWr

Static task: static1

Behavioral task: behavioral1
- Sample: 1cf73dd6ce0f4ac9e3494f66cfa550ce_JaffaCakes118.exe
- Resource: win7-20240611-en

Behavioral task: behavioral2
- Sample: 1cf73dd6ce0f4ac9e3494f66cfa550ce_JaffaCakes118.exe
- Resource: win10v2004-20240226-en
Score: 10/10
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
- Suspicious use of SetThreadContext