General
Target: 1cf98f281d0befbf029f3df689b16e91_JaffaCakes118
Size: 1.8MB
Sample: 240701-3rbhws1cpm
MD5: 1cf98f281d0befbf029f3df689b16e91
SHA1: 7619d06561921ac1da7804bc1620dcc053b7b53c
SHA256: 439278b444a423364de3a0e0a9079d146d6217921841cc3301e2063b5b723c81
SHA512: e4eae31ef2a3e55df208d7137b813659e3ece7d6b338a5ac4b2c1bb90fb7a75680044b6b021a213ec26562600a45aabdf810eb4c900c6d3c0a293b333235b67c
SSDEEP: 49152:808WUwulZHaKrS0DzETrT51sV+Y+sc/y2JsHHi:SDweaKrS0fEnd1sV5XcaPi
Static task: static1
Behavioral task: behavioral1
  Sample: 1cf98f281d0befbf029f3df689b16e91_JaffaCakes118.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 1cf98f281d0befbf029f3df689b16e91_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
Malware Config
Targets
Target: 1cf98f281d0befbf029f3df689b16e91_JaffaCakes118
Size: 1.8MB
MD5: 1cf98f281d0befbf029f3df689b16e91
SHA1: 7619d06561921ac1da7804bc1620dcc053b7b53c
SHA256: 439278b444a423364de3a0e0a9079d146d6217921841cc3301e2063b5b723c81
SHA512: e4eae31ef2a3e55df208d7137b813659e3ece7d6b338a5ac4b2c1bb90fb7a75680044b6b021a213ec26562600a45aabdf810eb4c900c6d3c0a293b333235b67c
SSDEEP: 49152:808WUwulZHaKrS0DzETrT51sV+Y+sc/y2JsHHi:SDweaKrS0fEnd1sV5XcaPi
Score: 10/10
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Executes dropped EXE
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger