General
Target: 250f5f79737c3626da594e0ec58c4e5b_JaffaCakes118
Size: 312KB
Sample: 240704-hy369sscne
MD5: 250f5f79737c3626da594e0ec58c4e5b
SHA1: a9d38a89be5cc9928486ead5add35ae3417f209a
SHA256: 0faa14a6d74e638d3ed35d73e7df0823ac5971595fdc156655b294e824b86a52
SHA512: 1c75f5aed86f346daf5970ce79ba7e1b87ff9cf477e9d214da8734f0b7f7d61788af92097cbe7229f74e783569ba501c4b9f808e5056f0f2f7ddc1a6f3881559
SSDEEP: 6144:2GyjnBSkuV1d4eZd88ORJIf/wTBt53ppcDMOoS:1YnBSkuVUeZdYqwTLQoS
Behavioral task: behavioral1
Sample: 250f5f79737c3626da594e0ec58c4e5b_JaffaCakes118.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: 250f5f79737c3626da594e0ec58c4e5b_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: 250f5f79737c3626da594e0ec58c4e5b_JaffaCakes118 (312KB, same hashes as listed under General)
Score: 10/10
Family: ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
Signatures:
- ModiLoader Second Stage
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)