General
Target: JaffaCakes118_9688e52c652159a2de886e26f51cf2a4
Size: 373KB
Sample: 250329-ypbnnaxyfy
MD5: 9688e52c652159a2de886e26f51cf2a4
SHA1: 47be034de1fa0d2ae4fe257d7dcf6e051d3adc9d
SHA256: f97bddd1380e0fe2de7d2b6911ef65eff958027903a6cf66946357e390c6aa0d
SHA512: 041c38e939433649f162556236a1d934584fdd4917f6276f81bb8775f30a419f24a65745e4c46e16eb34bfa3325740221099df9875814d3e51d3b252247806fa
SSDEEP: 3072:f1+MJKrUnFYY5z1i0Nmbi5fJBN2u+SXipe4fIout02kB7URGQQLFlWBMt:FIrPj0NmWtN2iXisKIoS0PgRzQZF
Behavioral tasks
behavioral1: Sample JaffaCakes118_9688e52c652159a2de886e26f51cf2a4.exe, Resource win7-20240903-en
behavioral2: Sample JaffaCakes118_9688e52c652159a2de886e26f51cf2a4.exe, Resource win10v2004-20250314-en
Malware Config
Targets
Target: JaffaCakes118_9688e52c652159a2de886e26f51cf2a4
ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that abuses public cloud services to download other malware families.
Modiloader family
UAC bypass
ModiLoader Second Stage
Checks computer location settings
  Looks up the country code configured in the registry, most likely a geofence check.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks whether UAC is enabled
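Three of the signatures above (the Run-key autostart, the UAC check and the registry country-code lookup) are all plain registry reads or writes, so a responder can confirm them on a suspect host without the sandbox. The following PowerShell triage script is an added example written for this page; it is not code from the sandbox report or from ModiLoader. It assumes the standard Windows registry locations for Run keys, UAC policy and the user's geographic settings, because the report does not state which specific values this sample touches; the GEOID and country-code values it lists are the ones a geofencing loader could read offline.

```powershell
# Added triage example; this is not code from the sandbox report or from ModiLoader.
# Assumptions: the registry locations below are the standard Windows ones for
# Run-key autostarts, UAC policy and the user's geographic settings. The report
# does not say which specific values this sample reads or writes.

function Get-RunKeyEntries {
    $paths = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    # Directories a loader can write to without elevation; an autostart that
    # points into one of them deserves a closer look.
    $userWritable = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:PUBLIC) |
        Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }

    foreach ($p in $paths) {
        if (-not (Test-Path -Path $p)) { continue }
        $key = Get-Item -Path $p
        foreach ($name in $key.GetValueNames()) {
            $cmd = [Environment]::ExpandEnvironmentVariables([string]$key.GetValue($name))
            # Strip a quoted executable path so trailing arguments do not confuse the match.
            $exe = $cmd -replace '^"([^"]+)".*$', '$1'
            $suspicious = $false
            foreach ($root in $userWritable) {
                if ($exe -like "$root\*") { $suspicious = $true; break }
            }
            [pscustomobject]@{
                Key        = $p
                Name       = $name
                Command    = $cmd
                Suspicious = $suspicious
            }
        }
    }
}

function Get-UacStatus {
    # EnableLUA = 0 disables UAC; ConsentPromptBehaviorAdmin = 0 elevates without prompting.
    $v = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    [pscustomobject]@{
        EnableLUA                  = $v.EnableLUA
        ConsentPromptBehaviorAdmin = $v.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = $v.PromptOnSecureDesktop
    }
}

function Get-GeoSettings {
    # Values a geofencing loader can consult without any network access.
    $geo  = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
    $intl = Get-ItemProperty -Path 'HKCU:\Control Panel\International'     -ErrorAction SilentlyContinue
    [pscustomobject]@{
        GeoNation  = $geo.Nation       # GEOID stored as a string (e.g. 244 = United States)
        GeoName    = $geo.Name         # ISO 3166 alpha-2 code; absent on older Windows builds
        LocaleName = $intl.LocaleName
        sCountry   = $intl.sCountry
    }
}

'=== Run-key autostarts ==='
Get-RunKeyEntries | Sort-Object Suspicious -Descending | Format-Table -AutoSize
'=== UAC policy ==='
Get-UacStatus | Format-List
'=== Geographic / locale values ==='
Get-GeoSettings | Format-List
```

Run it from an elevated prompt on the suspect machine. The HKCU: values reflect only the logged-on user's hive; to check another profile, load that user's NTUSER.DAT with reg.exe load and point the HKCU paths at the loaded key instead.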
MITRE ATT&CK Enterprise v15 (bracketed numbers are the report's per-technique hit counts)
Privilege Escalation
  Abuse Elevation Control Mechanism (T1548) [1]
    Bypass User Account Control (T1548.002) [1]
  Boot or Logon Autostart Execution (T1547) [1]
    Registry Run Keys / Startup Folder (T1547.001) [1]
Defense Evasion
  Abuse Elevation Control Mechanism (T1548) [1]
    Bypass User Account Control (T1548.002) [1]
  Impair Defenses (T1562) [1]
    Disable or Modify Tools (T1562.001) [1]
  Modify Registry (T1112) [3]