General

Target: 08af4e8b76859a349deabfd5411b6dbd_JaffaCakes118
Size: 270KB
Sample: 240430-bkh6lsgc7x
MD5: 08af4e8b76859a349deabfd5411b6dbd
SHA1: 4be6a385decf8bf02805758b50086bda0fbd30cf
SHA256: ad28e74afe73b83b04da8e041c8d89e5a76c2ede78f696314f131cd5d130f626
SHA512: a9666bfdcbb2cbd9f3692b7cd9ca197480a5af2307ea9647d3a34890ac5a7126c66c3e1de71a824736d56e179bc1ad09c2c4ad853d4c63fe7460825a1368485a
SSDEEP: 6144:KG377xS2Vp2CeiorXhwTBOz53jpcCJJvH:Zr7xS2Vp6FwTEbJJvH
Behavioral tasks

behavioral1
  Sample: 08af4e8b76859a349deabfd5411b6dbd_JaffaCakes118.exe
  Resource: win7-20240419-en

behavioral2
  Sample: 08af4e8b76859a349deabfd5411b6dbd_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
Malware Config

Targets

Target: 08af4e8b76859a349deabfd5411b6dbd_JaffaCakes118 (270KB; same file and hashes as listed under General)
Score: 10/10

Detected family: ModiLoader (also tracked as DBatLoader)
ModiLoader is a Delphi-written loader that abuses legitimate cloud services to host and fetch its payloads, which are typically other malware families.

Signatures
- ModiLoader second stage
- Checks computer location settings: looks up the country code configured in the registry, most likely a geofence check before the payload runs
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (registry-based autostart persistence)
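The signatures above describe observable behaviours, and a practitioner usually wants to see how they translate into host telemetry. The following is an added example, not part of this sandbox report and not the sandbox's own signature logic: a small Python detector that replays the listed behaviours (registry country lookup, Run-key persistence, execution of a dropped EXE, loading of a dropped DLL) over a constructed Sysmon-style event trace. The event layout, the registry paths, the drop directories and the file names `Xypxa.exe` and `helper.dll` are assumptions made for illustration, not artefacts recovered from this sample.

```python
"""Replay the report's signature behaviours over constructed Sysmon-style events.

Added illustration only; not the sandbox's own detection logic. The event
layout, registry paths, directories and file names are assumptions.
"""
import re
from dataclasses import dataclass

# Registry values that hold the configured country/region. A read of one of
# these shortly after start is what a "checks computer location settings"
# (geofence) signature looks for. Paths are assumptions for this example.
GEO_VALUE_PREFIXES = (
    r"HKCU\Control Panel\International\Geo\Nation",
    r"HKCU\Control Panel\International\Geo\Name",
    r"HKCU\Control Panel\International\sCountry",
)

# Autostart registry locations (ATT&CK T1547.001, Registry Run Keys).
RUN_KEY_RE = re.compile(
    r"^(HKCU|HKLM)\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\",
    re.IGNORECASE,
)

# Directories where a loader typically drops its second stage before running it.
DROP_DIR_RE = re.compile(
    r"^C:\\Users\\[^\\]+\\AppData\\(Local\\Temp|Roaming)\\", re.IGNORECASE
)


@dataclass
class Finding:
    tag: str      # ATT&CK ID where one applies, otherwise a short label
    detail: str


def detect(events):
    """Return Findings, in event order, for the behaviours named in the report.

    Each event is a dict with an 'event' type plus Sysmon-named fields
    (Image, TargetObject, Details, TargetFilename, ImageLoaded). 'RegistryRead'
    is an assumed sandbox-style event: Sysmon itself does not log value reads.
    """
    findings = []
    dropped = set()  # paths written by a monitored process (FileCreate events)
    for ev in events:
        kind = ev["event"]
        if kind == "FileCreate" and DROP_DIR_RE.match(ev["TargetFilename"]):
            dropped.add(ev["TargetFilename"].lower())
        elif kind == "RegistryValueSet" and RUN_KEY_RE.match(ev["TargetObject"]):
            findings.append(Finding("T1547.001", f"{ev['TargetObject']} = {ev['Details']}"))
        elif kind == "RegistryRead":
            obj = ev["TargetObject"].lower()
            if any(obj.startswith(p.lower()) for p in GEO_VALUE_PREFIXES):
                findings.append(Finding("geofence", f"country lookup via {ev['TargetObject']}"))
        elif kind == "ProcessCreate" and ev["Image"].lower() in dropped:
            findings.append(Finding("dropped-exe", f"executed {ev['Image']}"))
        elif kind == "ImageLoad" and ev["ImageLoaded"].lower() in dropped:
            findings.append(Finding("dropped-dll", f"{ev['Image']} loaded {ev['ImageLoaded']}"))
    return findings


def attack_ids(findings):
    """Sorted, de-duplicated ATT&CK technique IDs among the findings."""
    return sorted({f.tag for f in findings if f.tag.startswith("T")})


# Constructed event trace (not real telemetry from this sample).
S = r"C:\Users\user\Desktop\sample.exe"
EXE = r"C:\Users\user\AppData\Roaming\Xypxa\Xypxa.exe"
DLL = r"C:\Users\user\AppData\Local\Temp\helper.dll"
SAMPLE_EVENTS = [
    {"event": "RegistryRead", "Image": S,
     "TargetObject": r"HKCU\Control Panel\International\Geo\Nation"},
    {"event": "FileCreate", "Image": S, "TargetFilename": EXE},
    {"event": "FileCreate", "Image": S, "TargetFilename": DLL},
    {"event": "RegistryValueSet", "Image": S, "Details": EXE,
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Xypxa"},
    {"event": "ProcessCreate", "Image": EXE, "ParentImage": S},
    {"event": "ImageLoad", "Image": EXE, "ImageLoaded": DLL},
    # Benign registry write that must not trigger the Run-key rule.
    {"event": "RegistryValueSet", "Image": r"C:\Windows\explorer.exe", "Details": "1",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"},
]

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"{f.tag:<12} {f.detail}")
```

Run as-is it reports the four behaviours in the order the constructed trace produces them (geofence lookup, Run-key write, dropped EXE executed, dropped DLL loaded) and ignores the benign Explorer setting. Correlating the file-write with the later execution, rather than alerting on each event alone, is what keeps "Executes dropped EXE" from firing on every process start from a user profile directory.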
MITRE ATT&CK Enterprise v15

Privilege Escalation
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1

(The trailing number on each technique is the count of matching signatures in this report.)