General
Target: 2546ffb96cf0a1110f044f78fc00af45_JaffaCakes118
Size: 326KB
Sample: 240704-kc625ssdmn
MD5: 2546ffb96cf0a1110f044f78fc00af45
SHA1: 0606d844ae3b8e7bf5194a3c5e52c081558d278d
SHA256: e7d7ff85299977c2c3426f5b9dd08f88c19810b1865b392579dda3fcddbafcbd
SHA512: 99530f51ea2394df1a558c4c930428beeaae2b6413c9243c7b585af55bd65c6998855000b89be17e6de3482c48bb549c7a37c7699effcf73a53fbc9157ad6c0d
SSDEEP: 6144:cG377xS2Vp2CeiorXhwTBF53EpcCJJvHMEx0IEoS5e:3r7xS2Vp6FwTSbJJvHlqIEoS5
Behavioral task: behavioral1
Sample: 2546ffb96cf0a1110f044f78fc00af45_JaffaCakes118.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: 2546ffb96cf0a1110f044f78fc00af45_JaffaCakes118.exe
Resource: win10v2004-20240611-en
Malware Config
Targets
Target: 2546ffb96cf0a1110f044f78fc00af45_JaffaCakes118
Score: 10/10

Signatures:
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Checks computer location settings: looks up the country code configured in the registry, likely as a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)