General

Target: 09c85491ac1f04ddd9af3153b1b0c176_JaffaCakes118
Size: 1.3MB
Sample: 240620-2a3elszena
MD5: 09c85491ac1f04ddd9af3153b1b0c176
SHA1: 810d7c8d3d50fa00b48a40b7583bc343075fb1b4
SHA256: e7a90472880c7dc6596332555888e72ebc7cf41e21917a47d20c4bec398e7b84
SHA512: 117bc618e885aa10c414ba4dd74d73c3c39f72957dc8a82e785156b1055ccae09e88d03fbc524d00dae499c4ed489071ae190812d7efef5bcf74def551ad2d99
SSDEEP: 24576:NaHMv6Corjqny/Qj5lZz5yEeY597/Fv3JbxEiv4A7WJ0:N1vqjd/QNzEEeG97/Fv3fEEMJ0
Static task: static1
Behavioral task: behavioral1 (sample 09c85491ac1f04ddd9af3153b1b0c176_JaffaCakes118.exe, resource win7-20240508-en)
Behavioral task: behavioral2 (sample 09c85491ac1f04ddd9af3153b1b0c176_JaffaCakes118.exe, resource win10v2004-20240508-en)
Malware Config
Targets

Target: 09c85491ac1f04ddd9af3153b1b0c176_JaffaCakes118 (size and hashes as listed under General above)
Score: 10/10

- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check (the sample can decide to do nothing in countries it does not target, so a sandbox in the wrong locale may see only benign behaviour).
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext: rewriting a thread's context from another process is the usual way a hollowed or injected process is pointed at attacker-controlled code before it is resumed.
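The three behavioural signatures above (the locale lookup, the Run key, and SetThreadContext) are the ones an analyst most often has to reproduce outside the sandbox, for example against an API-monitor trace of a related sample. The following is an added example written for this page, not code from the sandbox or from the malware family. The `pid|api|argument` trace format and every line of `SAMPLE_TRACE` are constructed here; the registry key `Control Panel\International\Geo\Nation` is where Windows normally stores the configured country, but the report only says "country code configured in the registry", so that exact key is an assumption.

```python
"""Flag the report's behaviours (locale lookup, Run-key persistence, a
SetThreadContext hollowing chain) in a constructed API trace.

Added example for this report, not sandbox code. Trace format and sample
lines are constructed; the Geo\\Nation key is an assumption (see lead-in).
"""
import re
from collections import defaultdict

# Constructed trace, loosely modelled on an API-monitor log: pid|api|argument.
SAMPLE_TRACE = """\
4120|RegOpenKeyExW|HKCU\\Control Panel\\International\\Geo
4120|RegQueryValueExW|HKCU\\Control Panel\\International\\Geo\\Nation
4120|RegSetValueExW|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater=C:\\Users\\Public\\Libraries\\Msvcrt.exe
4120|CreateProcessW|C:\\Windows\\SysWOW64\\svchost.exe flags=0x4
4120|NtUnmapViewOfSection|pid=5004
4120|WriteProcessMemory|pid=5004 size=0x3a000
4120|SetThreadContext|tid=5012
4120|ResumeThread|tid=5012
6200|RegQueryValueExW|HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProductName
"""

# Assumed location of the configured country code (GeoID) on Windows.
GEO_NATION = re.compile(r"\\control panel\\international\\geo\\nation$", re.I)
# Run / RunOnce value writes: capture value name and the command it launches.
RUN_KEY = re.compile(r"\\currentversion\\run(?:once)?\\([^=]+)=(.*)$", re.I)
CREATE_SUSPENDED = 0x4  # dwCreationFlags bit passed to CreateProcess
HOLLOW_SEQUENCE = ("CreateProcessW", "NtUnmapViewOfSection",
                   "WriteProcessMemory", "SetThreadContext", "ResumeThread")


def parse_trace(text):
    """Turn 'pid|api|argument' lines into (pid, api, argument) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, arg = line.split("|", 2)
        records.append((int(pid), api, arg))
    return records


def hollow_sequence(calls):
    """True when one process's calls contain the hollowing chain in order:
    CreateProcess with CREATE_SUSPENDED, unmap, write, SetThreadContext, resume.
    Other calls may be interleaved; a non-suspended CreateProcess does not count."""
    pending = list(HOLLOW_SEQUENCE)
    for api, arg in calls:
        if api != pending[0]:
            continue
        if api == "CreateProcessW":
            m = re.search(r"flags=0x([0-9a-f]+)", arg, re.I)
            if not m or not int(m.group(1), 16) & CREATE_SUSPENDED:
                continue  # ordinary child process, keep waiting
        pending.pop(0)
        if not pending:
            return True
    return False


def detect(records):
    """Map pid -> list of behaviour strings matching the report's signatures."""
    findings = defaultdict(list)
    calls_by_pid = defaultdict(list)
    for pid, api, arg in records:
        calls_by_pid[pid].append((api, arg))
        if api.startswith("RegQueryValue") and GEO_NATION.search(arg):
            findings[pid].append("checks computer location settings (Geo\\Nation)")
        m = RUN_KEY.search(arg) if api.startswith("RegSetValue") else None
        if m:
            findings[pid].append(f"adds Run key {m.group(1)} -> {m.group(2)}")
    for pid, calls in calls_by_pid.items():
        if hollow_sequence(calls):
            findings[pid].append("suspicious use of SetThreadContext (hollowing chain)")
    return dict(findings)


if __name__ == "__main__":
    for pid, hits in detect(parse_trace(SAMPLE_TRACE)).items():
        for hit in hits:
            print(f"pid {pid}: {hit}")
```

Only pid 4120 is reported: the ProductName read by pid 6200 is normal and the locale read alone would be weak evidence, which is why the hollowing check insists on the full ordered chain including a suspended `CreateProcess` rather than firing on any `SetThreadContext` call.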
MITRE ATT&CK Enterprise v15

Privilege Escalation
- Abuse Elevation Control Mechanism (T1548): Bypass User Account Control (T1548.002), 1 hit
- Boot or Logon Autostart Execution (T1547): Registry Run Keys / Startup Folder (T1547.001), 1 hit