General
- Target: 0612926f77935a0a2f782397c066af2b_JaffaCakes118
- Size: 125KB
- Sample: 240620-pxgefasbpn
- MD5: 0612926f77935a0a2f782397c066af2b
- SHA1: 442775d8475a87bc59f8668a603b23e8dfa8d6a8
- SHA256: 4ab3565dfb1a72efb4c16d8d2088a50f817864e818de5c57a01e4c33a1d82591
- SHA512: dd0a49cf11ac0816b4ab1f5e202fdc0b78dc19f2e98b2a4302ad19823ae144fd7f34fc670471c642ef2e858c25e210e47ff25f166b50458d5ee7a3661bb06060
- SSDEEP: 3072:SOsoy8j7VnNdrPHaSekwi+mW95jLFl51WoutiNtV:Nc8jZ7rvaU3+mW9ZH51WoSc
Behavioral task: behavioral1
- Sample: 0612926f77935a0a2f782397c066af2b_JaffaCakes118.exe
- Resource: win7-20240419-en

Behavioral task: behavioral2
- Sample: 0612926f77935a0a2f782397c066af2b_JaffaCakes118.exe
- Resource: win10v2004-20240611-en
Malware Config
Targets
Score: 10/10
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)