General
-
Target
a053d478aca561af75afcc6facca4eae_JaffaCakes118
-
Size
271KB
-
Sample
241126-g7k7daynhz
-
MD5
a053d478aca561af75afcc6facca4eae
-
SHA1
30230c4d749bb26aedb25f3796a31420f69c28a5
-
SHA256
124fd3bf3bd04df1ad3522d23fcb6cde04aff5199e7fa9ea42ca8ccbf2836b51
-
SHA512
1227cd420b51cdaac3ab1d65277e9204de968766bae7c8e5278033a74db31acef35d8c3d3d11c99de6b86cc3d29977c966e8d6ed9607824d094f325c423c2bb1
-
SSDEEP
6144:7GP77xS2Vp21hLUrwTBoDh53tpcCJJvHa:KD7xS2VpaQwTaRbJJvHa
Behavioral task
behavioral1
Sample
a053d478aca561af75afcc6facca4eae_JaffaCakes118.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
a053d478aca561af75afcc6facca4eae_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
a053d478aca561af75afcc6facca4eae_JaffaCakes118
-
Size
271KB
-
MD5
a053d478aca561af75afcc6facca4eae
-
SHA1
30230c4d749bb26aedb25f3796a31420f69c28a5
-
SHA256
124fd3bf3bd04df1ad3522d23fcb6cde04aff5199e7fa9ea42ca8ccbf2836b51
-
SHA512
1227cd420b51cdaac3ab1d65277e9204de968766bae7c8e5278033a74db31acef35d8c3d3d11c99de6b86cc3d29977c966e8d6ed9607824d094f325c423c2bb1
-
SSDEEP
6144:7GP77xS2Vp21hLUrwTBoDh53tpcCJJvHa:KD7xS2VpaQwTaRbJJvHa
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3