General
Target: 0dc2bd0568223a98ba681ccdcad7be8b_JaffaCakes118
Size: 270KB
Sample: 240502-haq7ssbd9s
MD5: 0dc2bd0568223a98ba681ccdcad7be8b
SHA1: 69a5befdaefca3ba4389334bd51a7709cc20b432
SHA256: d33be5ce5ec7eccae71336901da3dc2a7ff49454806873a622c70116edfb6b66
SHA512: 8920d390e7b06942a67b3492ec79b0f15f0257dcfdbc442fc114a7047a882528e99188dd10240a1c27b348bda7e2930623db0346c0a5c2a7283b5440e737ffbc
SSDEEP: 6144:KG377xS2Vp2CeiorXhwTBOz532opcCJJvH:Zr7xS2Vp6FwTWbJJvH
Behavioral task: behavioral1
Sample: 0dc2bd0568223a98ba681ccdcad7be8b_JaffaCakes118.exe
Resource: win7-20240419-en

Behavioral task: behavioral2
Sample: 0dc2bd0568223a98ba681ccdcad7be8b_JaffaCakes118.exe
Resource: win10v2004-20240419-en
Malware Config
Targets
Target: 0dc2bd0568223a98ba681ccdcad7be8b_JaffaCakes118
Size: 270KB
MD5: 0dc2bd0568223a98ba681ccdcad7be8b
SHA1: 69a5befdaefca3ba4389334bd51a7709cc20b432
SHA256: d33be5ce5ec7eccae71336901da3dc2a7ff49454806873a622c70116edfb6b66
SHA512: 8920d390e7b06942a67b3492ec79b0f15f0257dcfdbc442fc114a7047a882528e99188dd10240a1c27b348bda7e2930623db0346c0a5c2a7283b5440e737ffbc
SSDEEP: 6144:KG377xS2Vp2CeiorXhwTBOz532opcCJJvH:Zr7xS2Vp6FwTWbJJvH
Score: 10/10

Signatures
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)