General

Target: 1b3a3716a19a45c421b3f75a8dc7d704_JaffaCakes118
Size: 687KB
Sample: 240701-n73jzstfjn
MD5: 1b3a3716a19a45c421b3f75a8dc7d704
SHA1: f5d040973f73319adaa8168781c4f15d4f378b4e
SHA256: f32307cbb46c85fc48cffe536d0bebacfd81d64d2dce6af6a122a3e8822b4c40
SHA512: 23ad8089c2de77d4d15b7703ad85ed215dc6b5aeeb24cb686b44bfc1896b6687860ad9f4726e7450765119a97fdc9cc178d441b5591d2cc702d1a846e92ac68e
SSDEEP: 12288:hARqevm6Lzh/nFS0q6SPCHHwRYstCaIisV:hA4e+6xMJoQRYs+
Static task: static1

Behavioral task: behavioral1
Sample: 1b3a3716a19a45c421b3f75a8dc7d704_JaffaCakes118.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 1b3a3716a19a45c421b3f75a8dc7d704_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Targets
Score: 10/10

Family: ModiLoader (also tracked as DBatLoader)
ModiLoader is a Delphi-written loader that abuses legitimate cloud services as hosting for the next stage, downloading and running other malware families.
- ModiLoader Second Stage
- Checks computer location settings: reads the country code configured in the registry, most likely a geofence so the payload only runs (or refuses to run) in chosen regions.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)

Tactic: Privilege Escalation
- Abuse Elevation Control Mechanism, T1548 (1 signature): Bypass User Account Control, T1548.002 (1 signature)
- Boot or Logon Autostart Execution, T1547 (1 signature): Registry Run Keys / Startup Folder, T1547.001 (1 signature)
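Added example (not part of this report or of any tooling the sandbox vendor ships): a small triage helper that turns two of the behaviours above into checks an analyst can run offline. It matches file digests against the hashes the report lists for this sample, and it flags Sysmon registry value-set events (EventID 13) that write Run keys, the persistence behind "Adds Run key to start application" and ATT&CK T1547.001. The Sysmon-style JSON lines, the file paths in them, the "Updater" and "Vendor" value names and the byte string that is hashed are all constructed test data, not artifacts from the report.

```python
"""Offline triage helpers for the behaviours in the report above.
Added example: not the sandbox's code. The log lines and hashed bytes
are constructed; only the IOC hashes come from the report."""
import hashlib
import json
import re

# Digests copied from the report for 1b3a3716a19a45c421b3f75a8dc7d704_JaffaCakes118.
SAMPLE_IOCS = {
    "md5": "1b3a3716a19a45c421b3f75a8dc7d704",
    "sha1": "f5d040973f73319adaa8168781c4f15d4f378b4e",
    "sha256": "f32307cbb46c85fc48cffe536d0bebacfd81d64d2dce6af6a122a3e8822b4c40",
}

# Autostart value locations covered by ATT&CK T1547.001.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce|RunServices|RunServicesOnce)\\",
    re.IGNORECASE,
)

# A Run value that points into a user-writable directory is more often a
# dropped payload than an installed product, so it is ranked higher.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE)


def hash_bytes(data: bytes) -> dict:
    """Compute the same digests the report lists, so a file can be matched offline."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matching_iocs(digests: dict, iocs: dict = SAMPLE_IOCS) -> list:
    """Return the algorithm names whose digest matches the report's IOCs (case-insensitive)."""
    return sorted(alg for alg, h in digests.items() if iocs.get(alg, "").lower() == h.lower())


def parse_registry_event(line: str) -> dict:
    """Parse one Sysmon registry event exported as a JSON object (constructed shape)."""
    ev = json.loads(line)
    return {
        "event_id": int(ev["EventID"]),
        "image": ev.get("Image", ""),
        "target": ev.get("TargetObject", ""),
        "details": ev.get("Details", ""),
    }


def run_key_findings(lines) -> list:
    """Flag EventID 13 (RegistryEvent: value set) writes to Run keys."""
    findings = []
    for line in lines:
        ev = parse_registry_event(line)
        if ev["event_id"] != 13 or not RUN_KEY_RE.search(ev["target"]):
            continue
        severity = "high" if USER_WRITABLE_RE.search(ev["details"]) else "medium"
        findings.append({
            "value": ev["target"].rsplit("\\", 1)[-1],  # value name under the Run key
            "command": ev["details"],                   # what will autostart
            "writer": ev["image"],                      # process that set the value
            "severity": severity,
            "attack": "T1547.001",
        })
    return findings


# Constructed Sysmon-style log lines; paths and value names are invented.
SAMPLE_LOG = [
    '{"EventID": 13, "Image": "C:\\\\Users\\\\bob\\\\Desktop\\\\1b3a3716a19a45c421b3f75a8dc7d704_JaffaCakes118.exe", '
    '"TargetObject": "HKU\\\\S-1-5-21-1\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run\\\\Updater", '
    '"Details": "C:\\\\Users\\\\bob\\\\AppData\\\\Roaming\\\\Updater.exe"}',
    '{"EventID": 13, "Image": "C:\\\\Windows\\\\System32\\\\msiexec.exe", '
    '"TargetObject": "HKLM\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run\\\\Vendor", '
    '"Details": "C:\\\\Program Files\\\\Vendor\\\\agent.exe"}',
    '{"EventID": 12, "Image": "C:\\\\Windows\\\\explorer.exe", '
    '"TargetObject": "HKU\\\\S-1-5-21-1\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Explorer", '
    '"Details": ""}',
]

if __name__ == "__main__":
    for finding in run_key_findings(SAMPLE_LOG):
        print(finding)
    print(matching_iocs(hash_bytes(b"constructed bytes, not the sample")))
```

Two caveats. Sysmon records registry value creation, deletion, renaming and setting, not reads, so the "Checks computer location settings" behaviour (a registry read of the configured country code) does not show up in this kind of log; confirm it from the sandbox's API trace instead. And the hash match is only useful for this exact file: a repacked or rebuilt ModiLoader will have different MD5/SHA1/SHA256 values, which is what the SSDEEP digest in the report is for.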