General

Target: 2f77a22fd3387747ef755f74a7d10c9e_JaffaCakes118
Size: 270KB
Sample: 240510-rbwckshg9y
MD5: 2f77a22fd3387747ef755f74a7d10c9e
SHA1: a809d79400aa2c31309d4eea1d74b6eeb0071b7a
SHA256: 66c1c7b45601e66a91b9c7e560581f2702463d7be19c49a9ad420835b6a53d5f
SHA512: ddbde12d0b0a24752839442ea17a78cf2fbb9cead890b186d88ac4b2eabebb2809a0b8b9cb922eb3ab56d2e34b988d273e535aed4d78aabfc2c80cd8ccc9856d
SSDEEP: 6144:KG377xS2Vp2CeiorXhwTBOz53bCpcCJJvH:Zr7xS2Vp6FwTxbJJvH
Behavioral tasks

behavioral1: 2f77a22fd3387747ef755f74a7d10c9e_JaffaCakes118.exe (resource: win7-20240221-en)
behavioral2: 2f77a22fd3387747ef755f74a7d10c9e_JaffaCakes118.exe (resource: win10v2004-20240426-en)
Malware Config

Targets

Target: 2f77a22fd3387747ef755f74a7d10c9e_JaffaCakes118
Size: 270KB
Hashes: MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above
Score: 10/10
Detected family: ModiLoader (also tracked as DBatLoader)
ModiLoader is a Delphi-based loader that abuses public cloud services to download and run other malware families.
Signatures

- ModiLoader Second Stage
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)

Privilege Escalation
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
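Two of the behaviours the report lists, the country-code lookup and the Run-key write, leave clean registry telemetry, so they are the ones worth turning into a hunting rule. The script below is an added example and is not part of the sandbox report or its signature engine: it parses a constructed `op|process|key|data` event stream (the line format and every sample line are invented for this example; the registry paths themselves are the real Windows locations), flags the geofence lookup as "Checks computer location settings", and tags the autostart write with T1547.001, raising its severity when the value data points into a user-writable directory (a heuristic of this example, not a rule taken from the report).

```python
"""Flag the registry behaviours the report lists, geofence lookup and
Run-key persistence, in a stream of registry events.

Added example, not the sandbox's own signature logic. The line format
"op|process|key|data" and the sample lines below are constructed for this
example; the registry paths are the real Windows locations."""
import re
from dataclasses import dataclass
from typing import Iterator, List, Optional

# Windows keeps the user's GeoID (country) here; a loader reading it right
# after start-up is the usual implementation of a geofence check.
GEO_NATION_RE = re.compile(
    r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)

# Autostart values behind ATT&CK T1547.001 (Registry Run Keys / Startup Folder).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$",
    re.IGNORECASE)

# Locations a standard user can write to. An autostart entry pointing here is
# weighted higher than one under Program Files; this is a heuristic of the
# example, not a rule taken from the report.
USER_WRITABLE_RE = re.compile(
    r"^[A-Z]:\\(Users\\[^\\]+\\(AppData|Downloads|Public)|ProgramData|Windows\\Temp)\\",
    re.IGNORECASE)

# Constructed events (not taken from the sandbox trace): the first two exercise
# the two signatures, the remaining lines are benign noise.
SAMPLE_EVENTS = r"""
RegQueryValue|2f77a22fd3387747ef755f74a7d10c9e_JaffaCakes118.exe|HKCU\Control Panel\International\Geo\Nation|
RegSetValue|2f77a22fd3387747ef755f74a7d10c9e_JaffaCakes118.exe|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater|C:\Users\victim\AppData\Roaming\svc.exe
RegSetValue|setup.exe|HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorTray|C:\Program Files\Vendor\tray.exe
RegQueryValue|explorer.exe|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden|
RegSetValue|notepad.exe|HKCU\Software\Microsoft\Notepad\iWindowPosX|120
"""


@dataclass(frozen=True)
class RegEvent:
    op: str
    process: str
    key: str
    data: str


@dataclass(frozen=True)
class Finding:
    process: str
    signature: str
    technique: str
    key: str
    severity: str


def parse_events(text: str) -> Iterator[RegEvent]:
    """Yield one RegEvent per 'op|process|key|data' line; skip blank or malformed lines."""
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("|", 3)
        if len(parts) != 4:
            continue
        yield RegEvent(*(p.strip() for p in parts))


def classify(ev: RegEvent) -> Optional[Finding]:
    """Map one event to one of the report's signatures, or None if it is benign."""
    op = ev.op.lower()
    if op == "regqueryvalue" and GEO_NATION_RE.search(ev.key):
        return Finding(ev.process, "Checks computer location settings",
                       "geofence (no ATT&CK technique listed in the report)",
                       ev.key, "medium")
    if op == "regsetvalue" and RUN_KEY_RE.search(ev.key):
        severity = "high" if USER_WRITABLE_RE.search(ev.data) else "medium"
        return Finding(ev.process, "Adds Run key to start application",
                       "T1547.001 Registry Run Keys / Startup Folder",
                       ev.key, severity)
    return None


def scan(text: str) -> List[Finding]:
    """Run every event through classify() and keep the hits, in input order."""
    return [f for f in map(classify, parse_events(text)) if f is not None]


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.process}: {f.signature} ({f.technique}) -> {f.key}")
```

On the constructed input the script returns three findings: the geofence lookup by the sample, its HKCU Run entry (high, because the value points under AppData) and the vendor installer's HKLM Run entry (medium). Nothing on the page gives a registry indicator for the UAC-bypass technique the matrix lists, so no rule for it is included.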