General
-
Target
JaffaCakes118_d46e7a694a2843ee11ee8ba6f1a789e0
-
Size
363KB
-
Sample
250424-bf6q4svvav
-
MD5
d46e7a694a2843ee11ee8ba6f1a789e0
-
SHA1
80a4d7238de0d117748d358232a2b0fea1677b5a
-
SHA256
e0397fec8d3f873794944a008c3c5a96ea7aee1fefba870a7ebc16a436913fc0
-
SHA512
d5628bf3745ffb7f2af76f40e07e406282b98a442decbdea0b1ca567aee620bc850805106a20023461ec8fc859e30f729531fffb104db8d48164b9a10a34cfbf
-
SSDEEP
6144:oGyjnBSkuV1d4eZd88ORJIfrwTBtKSefo53Edpc7:zYnBSkuVUeZdYGwTKfnW
Behavioral task
behavioral1
Sample
JaffaCakes118_d46e7a694a2843ee11ee8ba6f1a789e0.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral2
Sample
JaffaCakes118_d46e7a694a2843ee11ee8ba6f1a789e0.exe
Resource
win11-20250410-en
Malware Config
Extracted
latentbot
raremaster77.zapto.org
Targets
-
-
Target
JaffaCakes118_d46e7a694a2843ee11ee8ba6f1a789e0
-
Size
363KB
-
MD5
d46e7a694a2843ee11ee8ba6f1a789e0
-
SHA1
80a4d7238de0d117748d358232a2b0fea1677b5a
-
SHA256
e0397fec8d3f873794944a008c3c5a96ea7aee1fefba870a7ebc16a436913fc0
-
SHA512
d5628bf3745ffb7f2af76f40e07e406282b98a442decbdea0b1ca567aee620bc850805106a20023461ec8fc859e30f729531fffb104db8d48164b9a10a34cfbf
-
SSDEEP
6144:oGyjnBSkuV1d4eZd88ORJIfrwTBtKSefo53Edpc7:zYnBSkuVUeZdYGwTKfnW
-
Latentbot family
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
UAC bypass
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v16
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3