General

Target: 1b12aa24e3bd7cafeef537891d05c676_JaffaCakes118
Size: 280KB
Sample: 240701-nagags1fnq
MD5: 1b12aa24e3bd7cafeef537891d05c676
SHA1: c9bccf9083d685cdebade0329501fa4e588670aa
SHA256: 26e402c7ddc15fb8659a3ea0609d623c37462ad319732d6180fcb81e57c66b3a
SHA512: 41b1848772e50e087b32b4a008502610ac0cf2611f218f2a2ed7672ab8933383629fc0b4f4f2d9d3d66993525dc152f479432d5ae2f1500265c6f847868a07a9
SSDEEP: 6144:qV0XlxJnr+/ai2YUPFLZXrP3qKFiWyvUHi+TsS8YiK+IKVPDdjEwm:PXHVga/YOLZXrvdFiWyvUHioslY/piDE

Static task: static1

Behavioral task: behavioral1
Sample: 1b12aa24e3bd7cafeef537891d05c676_JaffaCakes118.exe
Resource: win7-20240611-en

Behavioral task: behavioral2
Sample: 1b12aa24e3bd7cafeef537891d05c676_JaffaCakes118.exe
Resource: win10v2004-20240611-en
Malware Config

Targets

Target: 1b12aa24e3bd7cafeef537891d05c676_JaffaCakes118
Size: 280KB
MD5: 1b12aa24e3bd7cafeef537891d05c676
SHA256: 26e402c7ddc15fb8659a3ea0609d623c37462ad319732d6180fcb81e57c66b3a
(SHA1, SHA512 and SSDEEP are identical to the General section above.)
Score: 10/10

Family: ModiLoader, DBatLoader
ModiLoader (also tracked as DBatLoader) is a Delphi-written loader that misuses legitimate cloud services to download and run other malicious families.

Signatures:
- ModiLoader Second Stage: the second-stage ModiLoader payload was identified during the run.
- Deletes itself: the sample's own executable is removed from disk after execution, hampering later collection from the host.
- Executes dropped EXE: an executable written to disk during the run is launched as a new process.
- Loads dropped DLL: a DLL written to disk during the run is loaded into a process.
- Drops file in System32 directory: a file is written under the System32 directory, which normally requires elevated privileges.
- Suspicious use of SetThreadContext: the thread context of a thread in another process is rewritten, the step by which process hollowing and similar injection techniques redirect execution into the injected payload.
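The signatures above are the sandbox's behavioural verdicts. The following Python is an added example (it is not Triage's detection code and nothing in it comes from the sample) showing how such verdicts can be derived from a process/file/API event trace. The event schema, process IDs, directories and dropped file names are assumptions constructed for illustration; only the sample file name is taken from this report. The family-specific "ModiLoader Second Stage" signature is a payload match rather than a generic behaviour, so it is deliberately not modelled.

```python
"""Behaviour-signature evaluation over a sandbox-style event trace.

Added example for this report. It is not Triage's detection engine; the
event schema, PIDs and dropped file names are assumptions constructed for
illustration. Only the sample file name comes from the report.
"""
from dataclasses import dataclass

# Signature names as they appear in the report.
DELETES_ITSELF = "Deletes itself"
EXECUTES_DROPPED_EXE = "Executes dropped EXE"
LOADS_DROPPED_DLL = "Loads dropped DLL"
DROPS_IN_SYSTEM32 = "Drops file in System32 directory"
SUSPICIOUS_SETTHREADCONTEXT = "Suspicious use of SetThreadContext"
# "ModiLoader Second Stage" is a family/payload match, not derivable from
# these generic events, so it is intentionally not modelled here.

SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class Event:
    """One behaviour record (assumed schema, not a real sandbox format).

    kind:       file_create | file_delete | process_create | image_load | api_call
    pid:        the acting process
    path:       file path, new process image, loaded module, or API name
    target_pid: for api_call, the process owning the thread being acted on
    """
    kind: str
    pid: int
    path: str = ""
    target_pid: int = 0


def norm(path: str) -> str:
    """Case-insensitive comparison key for NT paths."""
    return path.replace("/", "\\").lower()


def evaluate(events, sample_path: str) -> list:
    """Return the sorted list of signatures triggered by the trace."""
    sample = norm(sample_path)
    dropped = set()  # paths written earlier in this trace
    hits = set()
    for ev in events:
        p = norm(ev.path)
        if ev.kind == "file_create":
            dropped.add(p)
            if p.startswith(SYSTEM32):
                hits.add(DROPS_IN_SYSTEM32)
        elif ev.kind == "process_create" and p in dropped:
            # Only files written earlier in the trace count as "dropped".
            hits.add(EXECUTES_DROPPED_EXE)
        elif ev.kind == "image_load" and p in dropped and p.endswith(".dll"):
            hits.add(LOADS_DROPPED_DLL)
        elif ev.kind == "file_delete" and p == sample:
            # Any process deleting the original sample (the sample itself or a
            # child such as cmd.exe) counts as self-deletion.
            hits.add(DELETES_ITSELF)
        elif ev.kind == "api_call" and p == "setthreadcontext":
            # Rewriting a thread context in another process is the tell-tale
            # step of process hollowing; same-process use occurs in legitimate
            # code (debuggers, exception handling) and is ignored here.
            if ev.target_pid and ev.target_pid != ev.pid:
                hits.add(SUSPICIOUS_SETTHREADCONTEXT)
    return sorted(hits)


# Constructed trace: directory, PIDs and dropped file names are made up.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\1b12aa24e3bd7cafeef537891d05c676_JaffaCakes118.exe"
TRACE = [
    Event("file_create", 1000, r"C:\Windows\System32\dropped_example.dll"),
    Event("file_create", 1000, r"C:\Users\Admin\AppData\Local\Temp\stage2_example.exe"),
    Event("process_create", 1000, r"C:\Users\Admin\AppData\Local\Temp\stage2_example.exe"),
    Event("image_load", 1001, r"C:\Windows\System32\DROPPED_EXAMPLE.DLL"),  # case differs on purpose
    Event("api_call", 1001, "SetThreadContext", target_pid=1001),  # same process: ignored
    Event("api_call", 1001, "SetThreadContext", target_pid=1002),  # cross-process: flagged
    Event("file_delete", 1003, SAMPLE),  # e.g. a spawned cmd.exe removing the original
]

if __name__ == "__main__":
    for sig in evaluate(TRACE, SAMPLE):
        print(sig)
```

Run as a script it prints the five generic signatures for the constructed trace. Ordering matters: a process launch or module load only counts as "dropped" if the file was written earlier in the same trace, which is what keeps loads of pre-existing system DLLs from firing the rule. The cross-process condition on SetThreadContext is the point that separates an injection from ordinary same-process use; a real engine would add more context (a child created suspended, a preceding WriteProcessMemory), but that is beyond what this report shows.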