General
-
Target
183f47d29690cf857fc5ffb7b8dc57b7_JaffaCakes118
-
Size
651KB
-
Sample
240628-bltczavgrr
-
MD5
183f47d29690cf857fc5ffb7b8dc57b7
-
SHA1
4b9be0c4e5bcbaccf5d1da988eb166f688db1524
-
SHA256
60c6cc3b097c5387cb164c2893fae2355c0afc75b6cc095c2cf81b7d21775e11
-
SHA512
bf2b0090ad87a9949ae7c335ca903eebe8e18bb3e2ff8fb5561b2f6947676a5dfcc7566842bca383864e2b715703ee6034e714f5f6841c8dde09ab3458ad6724
-
SSDEEP
12288:kpyZT1MrCxu/mDwLRI6BxcDqp9aqCcajVuD3Z7BPQGMWYur0s0D:kUx1MjOD3SxcDDcNDqWYurL0
Behavioral task
behavioral1
Sample
183f47d29690cf857fc5ffb7b8dc57b7_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
183f47d29690cf857fc5ffb7b8dc57b7_JaffaCakes118.exe
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
183f47d29690cf857fc5ffb7b8dc57b7_JaffaCakes118
-
Size
651KB
-
MD5
183f47d29690cf857fc5ffb7b8dc57b7
-
SHA1
4b9be0c4e5bcbaccf5d1da988eb166f688db1524
-
SHA256
60c6cc3b097c5387cb164c2893fae2355c0afc75b6cc095c2cf81b7d21775e11
-
SHA512
bf2b0090ad87a9949ae7c335ca903eebe8e18bb3e2ff8fb5561b2f6947676a5dfcc7566842bca383864e2b715703ee6034e714f5f6841c8dde09ab3458ad6724
-
SSDEEP
12288:kpyZT1MrCxu/mDwLRI6BxcDqp9aqCcajVuD3Z7BPQGMWYur0s0D:kUx1MjOD3SxcDDcNDqWYurL0
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modifies visiblity of hidden/system files in Explorer
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2