General
- Target: 907ded24e43b59b9b54c82802f4c27ce_JaffaCakes118
- Size: 293KB
- Sample: 240603-erj82acb64
- MD5: 907ded24e43b59b9b54c82802f4c27ce
- SHA1: 9717455e5cb728dfd65751897aca60c6722d1f93
- SHA256: 65e3182810f7ced146c4d695ff8d089b9538c51f59d734c9e9c50afa222cf1db
- SHA512: 6522b1aa9071b7e2b1f90b82a9a74b644abd0301c0037fa4f97638cac1757eb8059c1636359d72780e373400df123271ac17c84dcc762aea9865a06cb1be4033
- SSDEEP: 6144:aG377xS2Vp2CeiorXhwTBOc53YpcCJJvH:Jr7xS2Vp6FwTMbJJvH
Behavioral task: behavioral1
- Sample: 907ded24e43b59b9b54c82802f4c27ce_JaffaCakes118.exe
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: 907ded24e43b59b9b54c82802f4c27ce_JaffaCakes118.exe
- Resource: win10v2004-20240508-en
Malware Config

Targets
- Target: 907ded24e43b59b9b54c82802f4c27ce_JaffaCakes118
- Size: 293KB
- MD5: 907ded24e43b59b9b54c82802f4c27ce
- SHA1: 9717455e5cb728dfd65751897aca60c6722d1f93
- SHA256: 65e3182810f7ced146c4d695ff8d089b9538c51f59d734c9e9c50afa222cf1db
- SHA512: 6522b1aa9071b7e2b1f90b82a9a74b644abd0301c0037fa4f97638cac1757eb8059c1636359d72780e373400df123271ac17c84dcc762aea9865a06cb1be4033
- SSDEEP: 6144:aG377xS2Vp2CeiorXhwTBOc53YpcCJJvH:Jr7xS2Vp6FwTMbJJvH
- Score: 10/10
Signatures
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)