General

Target: 09a32979c530c80cb87f56d7eeda2c0b_JaffaCakes118
Size: 1.7MB
Sample: 240620-1w4n5atanj
MD5: 09a32979c530c80cb87f56d7eeda2c0b
SHA1: 4b7b0320dd74ad2fe9fc5e2d91e476d6dca411bf
SHA256: a2c87d019943bf7d1d05f87749c574d10e41e5147f174ee6de6605db8728b8ca
SHA512: 3e0716ecbc6b72ce270e5d63864a1c439f39c40b91a6db57d9bfbb05b9e365ada86313bd8095d79b23a2cefa2765b17fa765a28c7b41d02a9d0543682cafb539
SSDEEP: 49152:DDZHyO9BQ2ZpZ4QKtojLzsPi8/4tLE5Fj:DDTBQ2F4QKOPIPi8f

Static task: static1

Behavioral task: behavioral1
Sample: 09a32979c530c80cb87f56d7eeda2c0b_JaffaCakes118.exe
Resource: win7-20240220-en

Behavioral task: behavioral2
Sample: 09a32979c530c80cb87f56d7eeda2c0b_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config

Targets

Target: 09a32979c530c80cb87f56d7eeda2c0b_JaffaCakes118
Score: 10/10

- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Deletes itself
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)