General
Target: 070212884c45e4e358405b364a9151f6_JaffaCakes118
Size: 270KB
Sample: 240429-g39zyacd99
MD5: 070212884c45e4e358405b364a9151f6
SHA1: 8772e5daec27c1c5330c893c70b8b16cbd987f97
SHA256: 7b6b9c7b9d50d409db676f3dc3411d2f96aff6ad4ae7fc9ebfe48cf16497a921
SHA512: af125bf2d16c038a510d51189fdfa6715a3fbe54505d35bc718c3978679864093e5350da96e739cf0c52ec5eacd1ee9a41d86b8df299272c4489a9384c062b10
SSDEEP: 6144:KG377xS2Vp2CeiorXhwTBOz53/pcCJJvH:Zr7xS2Vp6FwTsbJJvH
Behavioral task: behavioral1
Sample: 070212884c45e4e358405b364a9151f6_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 070212884c45e4e358405b364a9151f6_JaffaCakes118.exe
Resource: win10v2004-20240419-en
Malware Config

Targets
Target: 070212884c45e4e358405b364a9151f6_JaffaCakes118
Size: 270KB
MD5: 070212884c45e4e358405b364a9151f6
SHA1: 8772e5daec27c1c5330c893c70b8b16cbd987f97
SHA256: 7b6b9c7b9d50d409db676f3dc3411d2f96aff6ad4ae7fc9ebfe48cf16497a921
SHA512: af125bf2d16c038a510d51189fdfa6715a3fbe54505d35bc718c3978679864093e5350da96e739cf0c52ec5eacd1ee9a41d86b8df299272c4489a9384c062b10
SSDEEP: 6144:KG377xS2Vp2CeiorXhwTBOz53/pcCJJvH:Zr7xS2Vp6FwTsbJJvH
Score: 10/10
Signatures
ModiLoader, DBatLoader
    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
ModiLoader Second Stage
Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
Deletes itself
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
    Abuse Elevation Control Mechanism (1)
        Bypass User Account Control (1)
    Boot or Logon Autostart Execution (1)
        Registry Run Keys / Startup Folder (1)