General
Target: JaffaCakes118_4bdc8e054cd0b630b16042393d4a51ad
Size: 618KB
Sample: 250304-hr8s6stsgs
MD5: 4bdc8e054cd0b630b16042393d4a51ad
SHA1: cb7a3477b46cbf19d2fb4031a528b74d8eda1c7c
SHA256: 30b5974779b6cfadd56a56811417a219f58a19f7bf61ec6b1b2cea8b884817ff
SHA512: 099f00342383f25cb861a5bf4c4639de154958ea89c59bb83da1ae4d11e16209f86eb9647a2e295907746d57414a37f25e850727d3515614897ba1923a958a19
SSDEEP: 12288:eJxzsYLEdisdPDQjXcejQM6Cu5iSmNjw3fEW:e31AdhNDQjTjslmN8vh
Static task: static1
Behavioral task: behavioral1
  Sample: JaffaCakes118_4bdc8e054cd0b630b16042393d4a51ad.exe
  Resource: win7-20241010-en
Behavioral task: behavioral2
  Sample: JaffaCakes118_4bdc8e054cd0b630b16042393d4a51ad.exe
  Resource: win10v2004-20250217-en
Malware Config
Extracted family: latentbot
Extracted host: spynetkeylogger.zapto.org
Targets
Target: JaffaCakes118_4bdc8e054cd0b630b16042393d4a51ad (618KB; hashes as listed under General)
- Latentbot family
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Modiloader family
- UAC bypass
- ModiLoader Second Stage
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks whether UAC is enabled
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Impair Defenses (1): Disable or Modify Tools (1)
- Modify Registry (3)