General
- Target: 0a1de2fcccd56a2b18f62015b75f7a68_JaffaCakes118
- Size: 111KB
- Sample: 240621-h2nkzszhqc
- MD5: 0a1de2fcccd56a2b18f62015b75f7a68
- SHA1: 9da34d14c8218088422a59559efd32391d8af11e
- SHA256: 8601b9e49934f3148681fbbce45a76af75a19d73520c57218e141ed9e09794ab
- SHA512: 29215380c88b3ac5b1b57ee6bb6e1f49b568eeafc4f8214d517d2aab2253e7b392b7cc298bb9382b2980722cb44b2d2c2b171397d44f9d950281cf7ea831ddb1
- SSDEEP: 3072:B1+MJKrUnFYY5z1i0Nmbi5fJBNoQZFPfWXHout:3IrPj0NmWtNFYoS
Behavioral task behavioral1
- Sample: 0a1de2fcccd56a2b18f62015b75f7a68_JaffaCakes118.exe
- Resource: win7-20231129-en
Behavioral task behavioral2
- Sample: 0a1de2fcccd56a2b18f62015b75f7a68_JaffaCakes118.exe
- Resource: win10v2004-20240508-en
Malware Config
Targets
- Target: 0a1de2fcccd56a2b18f62015b75f7a68_JaffaCakes118 (111KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General above)
Score: 10/10
ModiLoader, DBatLoader
ModiLoader (also tracked as DBatLoader) is a Delphi-written loader that abuses public cloud file-hosting services to download and run further malware families.
- ModiLoader Second Stage
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check so that the payload only runs in (or avoids) particular countries.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (T1548): 1 signature
- Bypass User Account Control (T1548.002): 1 signature
- Boot or Logon Autostart Execution (T1547): 1 signature
- Registry Run Keys / Startup Folder (T1547.001): 1 signature
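The two registry behaviours the report flags (the Run-key write mapped to T1547.001, and the country-code lookup behind "Checks computer location settings") are the ones worth turning into host detections. The following is an added example, not code from the sandbox report or from the ModiLoader family: it runs that rule logic over constructed Sysmon-style registry events. The `EventType|Image|TargetObject` line format, the registry paths, the sample events and the allow-list of OS processes are all assumptions made for the illustration.

```python
"""Added example (not from the report): registry-event rules for Run-key
persistence and for reads of the configured country code, run over
constructed Sysmon-style events."""
import re
from collections import Counter
from dataclasses import dataclass

# Autostart keys behind "Adds Run key to start application" (ATT&CK T1547.001).
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\"
    r"(?:Run|RunOnce|RunOnceEx)\\[^\\]+$",
    re.IGNORECASE,
)

# Per-user values that hold the configured country (GeoID / ISO name). A read
# of these by a non-OS process is what the report's location-check signature
# describes. The exact paths are an assumption for this example.
GEO_KEY_RE = re.compile(
    r"\\Control Panel\\International\\(?:Geo\\Nation|Geo\\Name|sCountry)$",
    re.IGNORECASE,
)

# Processes expected to read locale settings (assumed list; tune per estate).
GEO_READER_ALLOWLIST = ("c:\\windows\\explorer.exe", "c:\\windows\\system32\\")


@dataclass(frozen=True)
class Hit:
    label: str    # ATT&CK technique ID or the report's signature name
    image: str    # process that performed the registry access
    target: str   # registry path touched


def detect(events, allowlist=GEO_READER_ALLOWLIST):
    """events: iterable of 'EventType|Image|TargetObject' lines (assumed format)."""
    hits = []
    for line in events:
        parts = line.rstrip("\n").split("|", 2)
        if len(parts) != 3:
            continue  # malformed record: skip it rather than crash the pipeline
        event_type, image, target = parts
        if event_type == "SetValue" and RUN_KEY_RE.search(target):
            hits.append(Hit("T1547.001", image, target))
        elif event_type == "QueryValue" and GEO_KEY_RE.search(target):
            # Only flag readers outside the allow-list; explorer.exe and other
            # OS components legitimately read these values all the time.
            if not image.lower().startswith(allowlist):
                hits.append(Hit("Checks computer location settings", image, target))
    return hits


def summarize(hits):
    """Count hits per label, the same shape as the report's ATT&CK section."""
    return dict(Counter(h.label for h in hits))


# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    r"SetValue|C:\Users\victim\AppData\Local\Temp\sample.exe|HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
    r"QueryValue|C:\Users\victim\AppData\Local\Temp\sample.exe|HKU\S-1-5-21-1000\Control Panel\International\Geo\Nation",
    r"QueryValue|C:\Windows\explorer.exe|HKU\S-1-5-21-1000\Control Panel\International\Geo\Nation",
    r"SetValue|C:\Windows\System32\svchost.exe|HKLM\SYSTEM\CurrentControlSet\Services\Foo\Start",
]

if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for h in found:
        print(f"{h.label}: {h.image} -> {h.target}")
    print(summarize(found))
```

On the constructed input the Run-key write and the country-code read by the dropped executable are reported; the same read by explorer.exe is suppressed by the allow-list, which is the part that needs tuning before such a rule is useful outside a sandbox, where every process reading these values is suspicious by construction.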