General
-
Target
1c1cb093eb075553cd721d9b6caf13c7_JaffaCakes118
-
Size
577KB
-
Sample
240701-xfzhpaxdnn
-
MD5
1c1cb093eb075553cd721d9b6caf13c7
-
SHA1
3e1bf993c87e5e95c106e76b7347465d69a8c180
-
SHA256
4079bd3de7b40a60c198c57ecd4879a28f62a6b811eab120f3c95ce6e8dbb081
-
SHA512
7291c679b7d7fd7253e411125517bbdc0cd446d59842d69c9bd06344612a2021bab93c50fa0c8864935c8bce647d8387987460f0c4ae216627758102aed1222d
-
SSDEEP
12288:KKDW+/hKrRLZuNg1Q/5OLvH0Aka+F3Z4mxxjQxr3stpUp4vMDbvc2aW:KKDWQg1C/5CvkQmX5tc4vMDTco
Static task
static1
Behavioral task
behavioral1
Sample
1c1cb093eb075553cd721d9b6caf13c7_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
1c1cb093eb075553cd721d9b6caf13c7_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
1c1cb093eb075553cd721d9b6caf13c7_JaffaCakes118
-
Size
577KB
-
MD5
1c1cb093eb075553cd721d9b6caf13c7
-
SHA1
3e1bf993c87e5e95c106e76b7347465d69a8c180
-
SHA256
4079bd3de7b40a60c198c57ecd4879a28f62a6b811eab120f3c95ce6e8dbb081
-
SHA512
7291c679b7d7fd7253e411125517bbdc0cd446d59842d69c9bd06344612a2021bab93c50fa0c8864935c8bce647d8387987460f0c4ae216627758102aed1222d
-
SSDEEP
12288:KKDW+/hKrRLZuNg1Q/5OLvH0Aka+F3Z4mxxjQxr3stpUp4vMDbvc2aW:KKDWQg1C/5CvkQmX5tc4vMDTco
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-