General
-
Target
0acb0bcc5938c274ef46b7f982eedd03_JaffaCakes118
-
Size
629KB
-
Sample
240621-lxeztsyglm
-
MD5
0acb0bcc5938c274ef46b7f982eedd03
-
SHA1
84a652c3a8a2ae3cebf304fdedc67c3c7ec0143d
-
SHA256
d7c31d9052315be2da6bba851d4f8c59c36d3c007d26745b7a8981e1fde9c1dc
-
SHA512
cbf8c4dab3e71a73e002e44e37eed55dd7efe1ba0839a700f0d974fc56124fae5ab02ec6cc7a66f8a7633dea31e5006dc785fe5c71c4f20509274f33e372899e
-
SSDEEP
12288:DDNkFa5fF7RTX979xwJyTW7DsVpCV3Qs9iZ3b1FPUukQQ:DJ+gF1tTyyTW7Cprs9iFHP4z
Static task
static1
Behavioral task
behavioral1
Sample
0acb0bcc5938c274ef46b7f982eedd03_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
0acb0bcc5938c274ef46b7f982eedd03_JaffaCakes118.exe
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
0acb0bcc5938c274ef46b7f982eedd03_JaffaCakes118
-
Size
629KB
-
MD5
0acb0bcc5938c274ef46b7f982eedd03
-
SHA1
84a652c3a8a2ae3cebf304fdedc67c3c7ec0143d
-
SHA256
d7c31d9052315be2da6bba851d4f8c59c36d3c007d26745b7a8981e1fde9c1dc
-
SHA512
cbf8c4dab3e71a73e002e44e37eed55dd7efe1ba0839a700f0d974fc56124fae5ab02ec6cc7a66f8a7633dea31e5006dc785fe5c71c4f20509274f33e372899e
-
SSDEEP
12288:DDNkFa5fF7RTX979xwJyTW7DsVpCV3Qs9iZ3b1FPUukQQ:DJ+gF1tTyyTW7Cprs9iFHP4z
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1