General
Target: 56cb806977ecd4433c3422d1743e0049_JaffaCakes118
Size: 270KB
Sample: 240518-zystzaff3x
MD5: 56cb806977ecd4433c3422d1743e0049
SHA1: 85f94735a8f606f6a5e092017305e846ea1447da
SHA256: 3fcf1c8285aed86b47adc02c6527253fb3264da7f733f7bbd3a9522c32703989
SHA512: f54bd7e66971b804c5b8552573b912a4b504d3de31f8fe74996c5e035580b4ba6ba18b23f075e330d2dd4c710688f4072137447a0e16d6f0ba504c53f59f4f09
SSDEEP: 6144:KG377xS2Vp2CeiorXhwTBOz53ZpcCJJvH:Zr7xS2Vp6FwTabJJvH
Behavioral task: behavioral1
Sample: 56cb806977ecd4433c3422d1743e0049_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 56cb806977ecd4433c3422d1743e0049_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Targets
Target: 56cb806977ecd4433c3422d1743e0049_JaffaCakes118
Score: 10/10
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)