General
Target: 0931569294082db5bc50e4d2c857ebe6_JaffaCakes118
Size: 905KB
Sample: 240620-ygafmaydqk
MD5: 0931569294082db5bc50e4d2c857ebe6
SHA1: d0b899ac729cd721cfbd1c854d0bccad121a221c
SHA256: b7b69122f524005c5466759233911deb0397d1922b6c9ac77041f0190c5ed9cb
SHA512: dc507e8fb96fff66fe88a2757dbd2753a97815b57e33fa97dc420d8aa3acd9326b5fdfcfa61d9d5bdb4d33b7253f66a7b51690578482401687b1e5f56da03dce
SSDEEP: 24576:YKwQrsiK3Sr0ckHCb2/xg348uS8o2wYyGv:YKl83VckHLf8uLoLGv

Static task: static1
Behavioral task: behavioral1
  Sample: 0931569294082db5bc50e4d2c857ebe6_JaffaCakes118.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 0931569294082db5bc50e4d2c857ebe6_JaffaCakes118.exe
  Resource: win10v2004-20240611-en
Targets
Score: 10/10

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

- ModiLoader Second Stage
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)