General
Target: 67054f8880a86ab0bb058e97f768e591_JaffaCakes118
Size: 273KB
Sample: 240522-m18a8acd9w
MD5: 67054f8880a86ab0bb058e97f768e591
SHA1: bf15ffd356d2c3b96e6e673123509be3acdb42e6
SHA256: 057142833196cbe83ea93ea135fd8d8884ffba119a51d213ab40da8878caa3ad
SHA512: 35b817f2678a40f0e11693a421e9936da5e28b588141b5d087c767b7b930e3d46128ee1654be26b4ea55dc6f4116b46442811344dee7e5b9d45bad28c1e19b59
SSDEEP: 6144:SGyjnBSkuV1d4eZd88ORJIf/wTB4M53Spc:BYnBSkuVUeZdYqwTk
Behavioral task behavioral1
Sample: 67054f8880a86ab0bb058e97f768e591_JaffaCakes118.exe
Resource: win7-20240508-en

Behavioral task behavioral2
Sample: 67054f8880a86ab0bb058e97f768e591_JaffaCakes118.exe
Resource: win10v2004-20240426-en
Malware Config
Targets
Target: 67054f8880a86ab0bb058e97f768e591_JaffaCakes118
Size: 273KB
MD5: 67054f8880a86ab0bb058e97f768e591
SHA1: bf15ffd356d2c3b96e6e673123509be3acdb42e6
SHA256: 057142833196cbe83ea93ea135fd8d8884ffba119a51d213ab40da8878caa3ad
SHA512: 35b817f2678a40f0e11693a421e9936da5e28b588141b5d087c767b7b930e3d46128ee1654be26b4ea55dc6f4116b46442811344dee7e5b9d45bad28c1e19b59
SSDEEP: 6144:SGyjnBSkuV1d4eZd88ORJIf/wTB4M53Spc:BYnBSkuVUeZdYqwTk
Score: 10/10

ModiLoader, DBatLoader
ModiLoader (also tracked as DBatLoader) is a Delphi loader that misuses cloud services to download other malicious families.

ModiLoader Second Stage

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application
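The "Adds Run key to start application" signature above is the part of this sample's behaviour that is easiest to catch on an endpoint, because a Run-key write is recorded by Sysmon as Event ID 13 (RegistryEvent, SetValue). The following detection sketch is an added example, not part of the sandbox report and not ModiLoader's own code: it parses a constructed, pipe-separated rendering of Sysmon records (the field names EventID, EventType, Image, TargetObject and Details are Sysmon's; the record layout and the sample events are made up here), flags any Run or RunOnce value write, and raises the priority when the autostart target or the writing process lives in a user-writable directory, which is the "executes dropped EXE, then adds Run key" pattern this report shows. The list of user-writable directories is an assumption to tune per environment. Note the caveat for the other signature: the country-code lookup is a registry read, and Sysmon logs only key create/delete, value set and rename, so that behaviour is visible in the sandbox API trace or with object-access auditing, not in Event ID 13.

```python
"""Detect Run-key persistence (ATT&CK T1547.001) in Sysmon Event ID 13 records.

Added illustration for the "Adds Run key to start application" signature;
not part of the sandbox report and not ModiLoader's own code. The record
format (pipe-separated "Field: value" pairs) and the sample events are
constructed; the field names are Sysmon's.
"""
import re
from dataclasses import dataclass

# Per-user (HKU\<SID>\Software\...) and machine-wide (HKLM\SOFTWARE\...) Run
# and RunOnce keys, including the Wow6432Node view, all end in this path.
RUN_KEY = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.IGNORECASE
)

# Locations a dropped payload is typically written to before being registered
# for autostart (assumption; tune to the environment).
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
                 "\\users\\public\\", "\\programdata\\")


@dataclass(frozen=True)
class Finding:
    image: str        # process that wrote the value
    target: str       # full registry path of the Run value
    details: str      # command line stored in the value
    reasons: tuple    # why it was flagged


def parse_record(line):
    """Split a constructed 'Field: value|Field: value' record into a dict."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition(":")
        fields[key.strip()] = value.strip()
    return fields


def classify(event):
    """Return a Finding for a Run/RunOnce value write, else None."""
    if event.get("EventID") != "13" or event.get("EventType") != "SetValue":
        return None
    target = event.get("TargetObject", "")
    if not RUN_KEY.search(target):
        return None
    reasons = ["run-key value written"]
    details = event.get("Details", "").lower()
    image = event.get("Image", "").lower()
    # A Run value pointing at a freshly dropped binary is the pattern this
    # sample shows (executes dropped EXE, then adds a Run key).
    if any(d in details for d in USER_WRITABLE):
        reasons.append("autostart target in user-writable directory")
    if any(d in image for d in USER_WRITABLE):
        reasons.append("writer itself runs from user-writable directory")
    return Finding(event.get("Image", ""), target, event.get("Details", ""), tuple(reasons))


def scan(lines):
    """Run classify() over raw records; returns findings in input order."""
    return [f for f in (classify(parse_record(l)) for l in lines) if f is not None]


# Constructed sample telemetry: one dropped-payload persistence write, one
# legitimate Run value, one unrelated registry write, one non-registry event.
SAMPLE_EVENTS = [
    "EventID: 13|EventType: SetValue|Image: C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe"
    "|TargetObject: HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"
    "|Details: C:\\Users\\Public\\svchost.exe",
    "EventID: 13|EventType: SetValue|Image: C:\\Windows\\System32\\msiexec.exe"
    "|TargetObject: HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\SecurityHealth"
    "|Details: %windir%\\system32\\SecurityHealthSystray.exe",
    "EventID: 13|EventType: SetValue|Image: C:\\Windows\\explorer.exe"
    "|TargetObject: HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden"
    "|Details: DWORD (0x00000001)",
    "EventID: 1|Image: C:\\Users\\Public\\svchost.exe|CommandLine: C:\\Users\\Public\\svchost.exe",
]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"{finding.image} -> {finding.target} = {finding.details}")
        print("    " + "; ".join(finding.reasons))
```

On the constructed input the first event is reported with all three reasons, the legitimate SecurityHealth entry is reported with only the bare "run-key value written" reason (so it can be routed to a lower tier rather than dropped), and the other two records produce nothing. To use this on real data, replace parse_record with a parser for the log shape the collector emits; the classification logic does not depend on the record format.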
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)