General
Target: 16cd7ed65dd3e987325b44da8a38bba5_JaffaCakes118
Size: 312KB
Sample: 240627-vmzqxs1dja
MD5: 16cd7ed65dd3e987325b44da8a38bba5
SHA1: 88999598f52ad75427f06a85e36f75bdd258489f
SHA256: bddf70d00efa8498e309ca5b8defbe46688f686a73495b3a3cd733f0275c5129
SHA512: 83b4a5f48cca8c701868223c51bf4cbfedad80aa4aebccfb98df505ad83808e13a7dbbfda0d0f9026ae84f5e24af79979912ec95305a75aaebaf1a583bb61921
SSDEEP: 6144:cG377xS2Vp2CeiorXhwTBN53lpcCJJvHTGoS:3r7xS2Vp6FwTTbJJvHioS
Behavioral task: behavioral1
Sample: 16cd7ed65dd3e987325b44da8a38bba5_JaffaCakes118.exe
Resource: win7-20240611-en

Behavioral task: behavioral2
Sample: 16cd7ed65dd3e987325b44da8a38bba5_JaffaCakes118.exe
Resource: win10v2004-20240611-en
Malware Config
Targets
Target: 16cd7ed65dd3e987325b44da8a38bba5_JaffaCakes118
Score: 10/10
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation:
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)