General
- Target: 17ced9c5d47594745b881b0c2a1c022a_JaffaCakes118
- Size: 1.2MB
- Sample: 240627-2phzhsybjn
- MD5: 17ced9c5d47594745b881b0c2a1c022a
- SHA1: 9c9f52352ba409a61d4f6b9c34b7b44e8644bbca
- SHA256: 5ea63a815f001bc291beb101b32e13d11a48871e57f26938b40c9430bb4b065b
- SHA512: 2623bb0532bfb84bad2e36632d83c4bdd321a13b4308e6e21b5d4830419f3dce2720e82240f293c881b7b963b170d3506ac38969cfe7f70d63e2febaf764c5b5
- SSDEEP: 24576:fRe5ex4tRohQ9Z30s7imJ0q1WceL8oMScm8K5ojZqb:gRoe9ZDWcjoamboN
Static task: static1
Behavioral task: behavioral1
- Sample: 17ced9c5d47594745b881b0c2a1c022a_JaffaCakes118.exe
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: 17ced9c5d47594745b881b0c2a1c022a_JaffaCakes118.exe
- Resource: win10v2004-20240508-en
Malware Config
Extracted family: sality
- http://89.119.67.154/testo5/
- http://kukutrustnet777.info/home.gif
- http://kukutrustnet888.info/home.gif
- http://kukutrustnet987.info/home.gif
Targets
- Target: 17ced9c5d47594745b881b0c2a1c022a_JaffaCakes118
Signatures
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Modifies Windows Firewall
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1): Netsh Helper DLL (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1): Netsh Helper DLL (1)