General
Target: 4a61ff19ad59a5d94c0f384e79dd4dd8_JaffaCakes118
Size: 336KB
Sample: 240516-laq4ksec43
MD5: 4a61ff19ad59a5d94c0f384e79dd4dd8
SHA1: 50da33e73d959568e6e3373ffd3921ab3bb43df1
SHA256: 1eba776c491e2d34bb8bc14cb05fb0c9323ced07783e569c1bedd4f7c5af9ae6
SHA512: 75317aadb2d24570c7441d0071dfdbef0b17753949264429f34f207580edbb05313d72cd9bbff44b04832250ab4d1e7d64de8739d67c286595be1312e1682ce7
SSDEEP: 6144:NG377xS2Vp2CeiorXhwTBOFlQL53LpcCJJvH:wr7xS2Vp6FwTlxbJJvH
Behavioral task: behavioral1
Sample: 4a61ff19ad59a5d94c0f384e79dd4dd8_JaffaCakes118.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: 4a61ff19ad59a5d94c0f384e79dd4dd8_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: 4a61ff19ad59a5d94c0f384e79dd4dd8_JaffaCakes118
Size: 336KB
MD5: 4a61ff19ad59a5d94c0f384e79dd4dd8
SHA1: 50da33e73d959568e6e3373ffd3921ab3bb43df1
SHA256: 1eba776c491e2d34bb8bc14cb05fb0c9323ced07783e569c1bedd4f7c5af9ae6
SHA512: 75317aadb2d24570c7441d0071dfdbef0b17753949264429f34f207580edbb05313d72cd9bbff44b04832250ab4d1e7d64de8739d67c286595be1312e1682ce7
SSDEEP: 6144:NG377xS2Vp2CeiorXhwTBOFlQL53LpcCJJvH:wr7xS2Vp6FwTlxbJJvH
Score: 10/10
Signatures:
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)