General
-
Target
023608e654951d4f51de802b743d3e4e_JaffaCakes118
-
Size
273KB
-
Sample
240620-deqplsvdrd
-
MD5
023608e654951d4f51de802b743d3e4e
-
SHA1
5d6e740831122afdb543b254b75bc114af9a9b27
-
SHA256
abff86df170c399beace1e61c1cf317c9cf44b6923f9ce49328b7fc60117ef76
-
SHA512
05acf2857527c59bb005755f5ddd988819dba14b346b6c3fefff4b25073a35b484847730c62124b0bad47fc667bc00ce5deaf3e41bf0f83b270ecdbc25586252
-
SSDEEP
6144:bjkxGANLL8CG/TjjDrTJ9eq526TMijnNJploYb:bjkxP5qvDrLaijnoW
Behavioral task
behavioral1
Sample
023608e654951d4f51de802b743d3e4e_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
023608e654951d4f51de802b743d3e4e_JaffaCakes118.exe
Resource
win10v2004-20240611-en
Malware Config
Targets
-
Target
023608e654951d4f51de802b743d3e4e_JaffaCakes118 (the same file described under General: 273KB, MD5 023608e654951d4f51de802b743d3e4e, SHA1 5d6e740831122afdb543b254b75bc114af9a9b27, SHA256 abff86df170c399beace1e61c1cf317c9cf44b6923f9ce49328b7fc60117ef76)
-
Score
10/10
-
ModiLoader, DBatLoader
ModiLoader (also tracked as DBatLoader) is a Delphi-written loader that abuses public cloud file-hosting services to fetch the next-stage malware families it delivers.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up the country code configured in the registry, most likely as a geofence check (the loader decides whether to continue based on the victim's configured locale).
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext (thread context modified in another process, the redirection step used by process hollowing and similar injection)
-
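The signatures above are what the sandbox inferred from the run. The script below is an added example, not part of the report or of any sandbox's code: it re-derives the same behaviours (geofence registry lookup, dropped EXE/DLL use, Run-key persistence, cross-process SetThreadContext) from a process/registry/file/API trace and ties them to the sample by its SHA256 from the General section. The trace is constructed for the example; its "key=value;..." line layout, the registry paths it uses for the locale and Run keys, and the id 20 API record are assumptions of this script, not the sandbox's own format.

```python
"""Added example, not part of the sandbox report: re-derive the report's
behaviour signatures (geofence registry lookup, dropped EXE/DLL use, Run-key
persistence, cross-process SetThreadContext) from a process/registry/file/API
trace.  The trace is constructed for this example; its "key=value;..." line
layout is an assumption of this script and not the sandbox's own log format.
Event ids 1 (process create), 7 (image load), 11 (file create), 12 (registry
key access) and 13 (registry value set) follow Sysmon's numbering; id 20 is
this example's own marker for an API-trace record."""
import re

# IOC copied from the report's General section.
SAMPLE_SHA256 = "abff86df170c399beace1e61c1cf317c9cf44b6923f9ce49328b7fc60117ef76"

# Constructed trace (hashes of the child processes are placeholders).
TRACE = r"""
id=1;pid=1204;ppid=880;image=C:\Users\Public\sample.exe;sha256=abff86df170c399beace1e61c1cf317c9cf44b6923f9ce49328b7fc60117ef76
id=12;pid=1204;key=HKCU\Control Panel\International\Geo\Nation
id=11;pid=1204;path=C:\Users\Public\Libraries\stage2.exe
id=11;pid=1204;path=C:\Users\Public\Libraries\helper.dll
id=13;pid=1204;key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater;value=C:\Users\Public\Libraries\stage2.exe
id=1;pid=2316;ppid=1204;image=C:\Users\Public\Libraries\stage2.exe;sha256=placeholder-child
id=7;pid=2316;image=C:\Users\Public\Libraries\helper.dll
id=1;pid=2400;ppid=2316;image=C:\Windows\SysWOW64\svchost.exe;sha256=placeholder-host
id=20;pid=2316;api=SetThreadContext;target_pid=2400
id=20;pid=2400;api=SetThreadContext;target_pid=2400
"""

# Autostart value under HKCU/HKLM ...\CurrentVersion\Run or \RunOnce.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Windows keeps the configured country under Control Panel\International\Geo
# (Nation = GeoID, Name = ISO code); reading it is the usual geofence probe.
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\(Nation|Name)$", re.I)


def parse(trace):
    """Turn the constructed trace into a list of dicts with int id/pid."""
    events = []
    for line in trace.strip().splitlines():
        ev = dict(field.split("=", 1) for field in line.split(";"))
        ev["id"], ev["pid"] = int(ev["id"]), int(ev["pid"])
        events.append(ev)
    return events


def sample_pids(events, sha256=SAMPLE_SHA256):
    """Pids whose image hash matches the report, so findings can be tied to it."""
    return {e["pid"] for e in events
            if e["id"] == 1 and e.get("sha256", "").lower() == sha256}


def geofence_lookups(events):
    """Registry reads of the configured country code (the geofence signature)."""
    return [(e["pid"], e["key"]) for e in events
            if e["id"] == 12 and GEO_KEY.search(e["key"])]


def run_key_persistence(events):
    """Values written under a Run/RunOnce key: (pid, key, command)."""
    return [(e["pid"], e["key"], e["value"])
            for e in events if e["id"] == 13 and RUN_KEY.search(e["key"])]


def dropped_then_used(events):
    """Files written during the run that are later executed (exe) or loaded (dll).
    Each hit is (using pid, path, dropping pid)."""
    dropped = {e["path"].lower(): e["pid"] for e in events if e["id"] == 11}
    exes, dlls = [], []
    for e in events:
        if e["id"] in (1, 7) and e["image"].lower() in dropped:
            hit = (e["pid"], e["image"], dropped[e["image"].lower()])
            (exes if e["id"] == 1 else dlls).append(hit)
    return exes, dlls


def cross_process_set_thread_context(events):
    """SetThreadContext on a thread owned by another process: the step that
    redirects a hollowed host to injected code.  Same-process calls are benign."""
    return [(e["pid"], int(e["target_pid"])) for e in events
            if e["id"] == 20 and e["api"] == "SetThreadContext"
            and int(e["target_pid"]) != e["pid"]]


BEHAVIOURS = ("geofence", "dropped_exe", "dropped_dll", "run_keys", "set_thread_context")


def triage(trace):
    """Collect every behaviour hit and count how many distinct ones fired."""
    events = parse(trace)
    exes, dlls = dropped_then_used(events)
    findings = {
        "sample_pids": sample_pids(events),
        "geofence": geofence_lookups(events),
        "dropped_exe": exes,
        "dropped_dll": dlls,
        "run_keys": run_key_persistence(events),
        "set_thread_context": cross_process_set_thread_context(events),
    }
    findings["score"] = sum(1 for k in BEHAVIOURS if findings[k])
    return findings


if __name__ == "__main__":
    for name, hits in triage(TRACE).items():
        print(f"{name}: {hits}")
```

Run it as a script to print each finding; on the constructed trace all five behaviours fire, with the Run-key persistence and the locale lookup attributed to the sample's own pid and the cross-process SetThreadContext attributed to the dropped second stage, which is the chain the report's signatures describe.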
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
-
Abuse Elevation Control Mechanism (1): Bypass User Account Control, T1548.002 (1)
-
Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder, T1547.001 (1)