General
Target: 061982910fdbfed638517be65be29d31_JaffaCakes118
Size: 529KB
Sample: 240620-pznxasscqm
MD5: 061982910fdbfed638517be65be29d31
SHA1: 54c40ac00ed6785fbf8895cf92bd646d3a5f37c2
SHA256: 0e04df212a08beba491e55a5f0375ede9996e987c48a2bb27c2c0e941f8f6a82
SHA512: e0abe3781b23b6704a0af0a6813063d8d1effb17411db4ed251fa8dc371fd15fe23ef94a86936e4db6d66165d2a8a9cad3a38ef46412ac7c09bcce750a888dc5
SSDEEP: 12288:dw2YLkMwYH+qknF84ZpuXaYdLWhs1KC9UityJ:mhLjH+DF7pwnWCcYpAJ
Static task: static1
Behavioral task: behavioral1
Sample: 061982910fdbfed638517be65be29d31_JaffaCakes118.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: 061982910fdbfed638517be65be29d31_JaffaCakes118.exe
Resource: win10v2004-20240611-en
Malware Config
Targets
Score: 10/10
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)