General
- Target: 53aa23b5ca5a46a7af7d15404fb80170_JaffaCakes118
- Size: 108KB
- Sample: 240518-jmb43sac25
- MD5: 53aa23b5ca5a46a7af7d15404fb80170
- SHA1: 17a68bd6c1a548ca2bb12de8e648d6ce0e2c1a7a
- SHA256: ac14a9c8c3303318670e6bfe019f3a41d9411a4dc4f797f8477f1d1074459237
- SHA512: 07b4b1d43a3a308dad20d7dbaa27996cb2b11edede70cee6d3283315075935c1074547e048d2de38d6a074aa7857c2ade0e1505251512d955dbcb7407b2c58e0
- SSDEEP: 3072:Yoy8j7VnNdrPHaSekwi+mW+2jLcJkz0dout:o8jZ7rvaU3+mWrjLM3doS
Behavioral task: behavioral1
- Sample: 53aa23b5ca5a46a7af7d15404fb80170_JaffaCakes118.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: 53aa23b5ca5a46a7af7d15404fb80170_JaffaCakes118.exe
- Resource: win10v2004-20240508-en
Targets
- Target: 53aa23b5ca5a46a7af7d15404fb80170_JaffaCakes118
- Score: 10/10
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)