General
- Target: 012fc69c7ef59fbbc514daead55083ce_JaffaCakes118
- Size: 156KB
- Sample: 240619-3jzwhsxapa
- MD5: 012fc69c7ef59fbbc514daead55083ce
- SHA1: 705651889472f11c356147899fbb5f7e35a44655
- SHA256: a6adf3ba95f98a4dc8878818821904d9d27cf23f0a71a839d58423396f81f327
- SHA512: 77780e7308f012cf62b8d2a28abba19ea23a5515226c5d31ed8fb2aab24fd17455a9ff4c697a7ae958b5a47ab84d0ca7eaeb78c4c4d690985d69389680176415
- SSDEEP: 3072:S5gnSBllL2Nbl5DmutNPHZamz5HFjmAqO4tk1LrsbyBCPQ6DUCI43MOJg/:CHBllLWbl5KutN0mz5HMAqOv5sbyBmQR
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 012fc69c7ef59fbbc514daead55083ce_JaffaCakes118.exe
  - Resource: win7-20240221-en
Behavioral task
- behavioral2
  - Sample: 012fc69c7ef59fbbc514daead55083ce_JaffaCakes118.exe
  - Resource: win10v2004-20240611-en
Malware Config
Targets
- Target: 012fc69c7ef59fbbc514daead55083ce_JaffaCakes118
- Size: 156KB
- MD5: 012fc69c7ef59fbbc514daead55083ce
- SHA1: 705651889472f11c356147899fbb5f7e35a44655
- SHA256: a6adf3ba95f98a4dc8878818821904d9d27cf23f0a71a839d58423396f81f327
- SHA512: 77780e7308f012cf62b8d2a28abba19ea23a5515226c5d31ed8fb2aab24fd17455a9ff4c697a7ae958b5a47ab84d0ca7eaeb78c4c4d690985d69389680176415
- SSDEEP: 3072:S5gnSBllL2Nbl5DmutNPHZamz5HFjmAqO4tk1LrsbyBCPQ6DUCI43MOJg/:CHBllLWbl5KutN0mz5HMAqOv5sbyBmQR
- Score: 10/10
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Abuse Elevation Control Mechanism: 1
  - Bypass User Account Control: 1
- Boot or Logon Autostart Execution: 1
  - Registry Run Keys / Startup Folder: 1