General
-
Target
8089e6c148201c52afea27cbb4ef2b67_JaffaCakes118
-
Size
109KB
-
Sample
240801-ps5apsvgke
-
MD5
8089e6c148201c52afea27cbb4ef2b67
-
SHA1
9fd47fb1281b0c0ae03579d37e70820b538f7542
-
SHA256
e3130e6602e2b023e46ef7bc9dc0b3a57dce5e49a15b558c321249d2ec9c8786
-
SHA512
39a9303312b76d298d01a0fbbc7184c62ea06f125d81264b6b587710c0f2ef2844713eb2ce4dc54ebf10c6a182cb387e41ebec8c64e46d55dcdc2bb3473ede35
-
SSDEEP
3072:foy8j7VnNdrPHaSekwi+mW+2QwLsSpout:v8jZ7rvaU3+mWrQwLxpoS
Behavioral task
behavioral1
Sample
8089e6c148201c52afea27cbb4ef2b67_JaffaCakes118.exe
Resource
win7-20240704-en
Malware Config
Extracted
Family
latentbot
C2
seytaninavukati.zapto.org
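Added example (not part of the report and not the sandbox's own tooling): a small Python IOC check built from the indicators on this page. It verifies a local file against all four digests listed above, sanity-checks that the copied hash strings are well formed (a truncated or mis-pasted hash is the most common way an IOC silently stops matching), and flags DNS/proxy log lines that resolve the extracted C2 host or a subdomain of it. The log lines and the file bytes are constructed test data; the log format is an assumption. Note that zapto.org is a No-IP dynamic DNS zone shared by many unrelated hosts, so the matcher keys on the full hostname rather than the parent zone.

```python
"""IOC matcher for the sample and C2 host on this report page.

Added example, not the report's or the sandbox's code. The hash values and the
C2 hostname are copied from the page; everything else (log format, log lines,
file bytes) is constructed test data.
"""
import hashlib
import re

# Indicators copied from the report.
REPORT_HASHES = {
    "md5": "8089e6c148201c52afea27cbb4ef2b67",
    "sha1": "9fd47fb1281b0c0ae03579d37e70820b538f7542",
    "sha256": "e3130e6602e2b023e46ef7bc9dc0b3a57dce5e49a15b558c321249d2ec9c8786",
    "sha512": "39a9303312b76d298d01a0fbbc7184c62ea06f125d81264b6b587710c0f2ef28"
              "44713eb2ce4dc54ebf10c6a182cb387e41ebec8c64e46d55dcdc2bb3473ede35",
}
C2_HOST = "seytaninavukati.zapto.org"

HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def check_indicator_format(hashes: dict) -> list:
    """Return a list of problems with the copied hash strings (empty when all are fine)."""
    problems = []
    for alg, value in hashes.items():
        if len(value) != HEX_LEN[alg] or not re.fullmatch(r"[0-9a-fA-F]+", value):
            problems.append(f"{alg}: expected {HEX_LEN[alg]} hex chars, got {len(value)}")
    return problems


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists, as lowercase hex."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every digest agrees. Requiring SHA-256/SHA-512 as well as
    MD5/SHA-1 means a chosen-prefix collision on the weak hashes cannot fool the check."""
    digests = hash_bytes(data)
    return all(digests[alg] == REPORT_HASHES[alg].lower() for alg in REPORT_HASHES)


# Match the C2 host, or any label prefixed to it, but not a longer hostname that merely
# contains it as a suffix ("notseytaninavukati.zapto.org" must not match).
HOST_RE = re.compile(
    r"(?i)(?:^|[\s/@])((?:[a-z0-9-]+\.)*" + re.escape(C2_HOST) + r")(?=$|[\s:/?])"
)


def find_c2_lookups(lines) -> list:
    """Return (line, matched_host) pairs for log lines that reference the C2 host."""
    hits = []
    for line in lines:
        m = HOST_RE.search(line)
        if m:
            hits.append((line, m.group(1).lower()))
    return hits


# Constructed log lines (assumed format: timestamp, client, event, name), not sandbox output.
SAMPLE_LOG = [
    "2024-08-01T12:00:01Z 10.0.0.5 query A seytaninavukati.zapto.org",
    "2024-08-01T12:00:02Z 10.0.0.5 query A update.microsoft.com",
    "2024-08-01T12:00:03Z 10.0.0.9 CONNECT SEYTANINAVUKATI.ZAPTO.ORG:443",
    "2024-08-01T12:00:04Z 10.0.0.9 query A notseytaninavukati.zapto.org",
    "2024-08-01T12:00:05Z 10.0.0.7 query A cdn.seytaninavukati.zapto.org",
]


if __name__ == "__main__":
    print("indicator format problems:", check_indicator_format(REPORT_HASHES) or "none")
    print("constructed bytes match sample:", matches_report(b"MZ constructed, not the sample"))
    for line, host in find_c2_lookups(SAMPLE_LOG):
        print("C2 reference:", host, "<-", line)
```

To check a real file, read it in binary mode and pass the bytes to matches_report; SSDEEP comparison is deliberately left out because it needs the ssdeep library and a similarity threshold that this page does not give.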
Targets
-
-
Target
8089e6c148201c52afea27cbb4ef2b67_JaffaCakes118
-
ModiLoader, DBatLoader
ModiLoader (also tracked as DBatLoader) is a Delphi-written loader that abuses public cloud services as hosting to download and stage other malware families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up the country code configured in the registry, most likely as a geofence: a loader that does this can decline to run (or to fetch its payload) when the configured country is on an exclusion list.
-
Executes dropped EXE
-
Loads dropped DLL
-
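Added example (not the sample's code and not the sandbox's signature logic) for the "Checks computer location settings" behaviour above. It assumes the value being read is HKCU\Control Panel\International\Geo\Nation, the Windows GeoID of the user's configured country, which is the usual source for this kind of geofence; the report does not name the exact key, so treat that as an assumption. The code pulls the value out of a `reg export` text dump (useful when working from an NTUSER.DAT export rather than a live host), reads it live when run on Windows, and then applies the decision rule a geofenced loader typically uses. The exclusion list used in the demo is a placeholder, not the sample's list, which the page does not state.

```python
"""Reproduce the registry country lookup flagged by the sandbox.

Added example, not the sample's code. Assumption: the lookup targets
HKCU\\Control Panel\\International\\Geo\\Nation (a REG_SZ holding the GeoID as
decimal text, e.g. "244" for the United States). The .reg text below is
constructed test data.
"""
import re
import sys
from typing import Optional

GEO_KEY = r"Control Panel\International\Geo"

# Constructed snapshot in the format `reg export` writes (not taken from the sample run).
CONSTRUCTED_EXPORT = """Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\\Control Panel\\International\\Geo]
"Nation"="244"
"Name"="US"
"""

# Placeholder exclusion list for the demo (GeoID 244 = United States); the report does
# not say which countries, if any, this sample keys on.
EXAMPLE_EXCLUDED = {244}


def parse_reg_export(text: str) -> dict:
    """Minimal parser for `reg export` text: {key_path: {value_name: data}} for REG_SZ
    values only, which is all the Geo key holds. Other value types are skipped."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None:
            m = re.fullmatch(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"', line)
            if m:
                name, data = m.group(1), m.group(2)
                keys[current][name] = data.replace('\\"', '"').replace("\\\\", "\\")
    return keys


def nation_geoid(reg: dict, hive: str = "HKEY_CURRENT_USER") -> Optional[int]:
    """GeoID from a parsed export, or None when the key or value is absent/malformed."""
    raw = reg.get(f"{hive}\\{GEO_KEY}", {}).get("Nation")
    try:
        return int(raw)
    except (TypeError, ValueError):
        return None


def live_nation_geoid() -> Optional[int]:
    """Read the value from the running machine (Windows only); None elsewhere."""
    if sys.platform != "win32":
        return None
    import winreg  # only importable on Windows
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, GEO_KEY) as key:
            raw, _kind = winreg.QueryValueEx(key, "Nation")
        return int(raw)
    except (OSError, ValueError):
        return None


def geofence_allows(geoid: Optional[int], excluded: set) -> bool:
    """Decision rule a geofenced loader typically applies: abort only when the configured
    country is on the exclusion list. An unreadable value falls through to 'allowed',
    so a sandbox image with no Geo key does not stop the sample; set a plausible value
    instead if the goal is to see the payload fetch."""
    return geoid is None or geoid not in excluded


if __name__ == "__main__":
    snapshot_id = nation_geoid(parse_reg_export(CONSTRUCTED_EXPORT))
    print("GeoID from constructed export:", snapshot_id)
    print("would run with placeholder exclusions:", geofence_allows(snapshot_id, EXAMPLE_EXCLUDED))
    print("live GeoID on this host:", live_nation_geoid())
```

When detonating a sample that shows this signature, vary the Geo\Nation value between runs; a sample that stops before "Executes dropped EXE" only for some values has given away its target selection.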
MITRE ATT&CK Enterprise v15 (number after each technique is the count of matched signatures)
Privilege Escalation
Abuse Elevation Control Mechanism (T1548): 1
Bypass User Account Control (T1548.002): 1
Defense Evasion
Abuse Elevation Control Mechanism (T1548): 1
Bypass User Account Control (T1548.002): 1
Impair Defenses (T1562): 1
Disable or Modify Tools (T1562.001): 1
Modify Registry (T1112): 2