General
Target: 25c2bc283905e0af50240fbcccb06975_JaffaCakes118
Size: 581KB
Sample: 240704-wxfw8sthlf
MD5: 25c2bc283905e0af50240fbcccb06975
SHA1: 9c71a567de3cbe859f6c33bb14edf289ca35634b
SHA256: d79d6ffe8b13d515beffd7962c65ef92965d1838d8b6c4ac253e877f468c570b
SHA512: 959c159579b8392d7426ae4566b3549c8cdf0cd01eb13de8a8ef1f9f9be1ff5cca04241ad9d89e39cf9ce6112a013b01f402607af94d8570120160542f08bf05
SSDEEP: 12288:ZvcQ5UoY9tuhxw2XW9uUWfuIzQY2Cbj70ayBAKK9VHV0rn3bJJvHd:ZhG9tuh+fbWfFVjKBAzejFJvHd
Static task: static1
Behavioral task: behavioral1
Sample: 25c2bc283905e0af50240fbcccb06975_JaffaCakes118.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: 25c2bc283905e0af50240fbcccb06975_JaffaCakes118.exe
Resource: win10v2004-20240704-en
Malware Config
Targets
Target: 25c2bc283905e0af50240fbcccb06975_JaffaCakes118
Score: 10/10
Signatures
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up the country code configured in the registry, likely used for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)