General
Target: 1b22530f1e642b9c23dfe12fa5ddd639_JaffaCakes118
Size: 596KB
Sample: 240701-nn1ahssekr
MD5: 1b22530f1e642b9c23dfe12fa5ddd639
SHA1: 470924416bfa051b3320e09f2cd48dfc4d24cb81
SHA256: 182a21303b5c619026d7a43586a3ef09836c3a3e8e6f7876aca91393e13f1b66
SHA512: 4addd6964a0e8c5409ce2b54c0c653e0e632d22ed3e5d212054089549bd920bc1fa9b64a90275e80a03fe82b47202fb815c25ab983d584eb0998d6c2519c4fd1
SSDEEP: 12288:DBMmKGnhDT+JlCraEFmgOimT1uxp62KW8CcCzyU56RZv+tFLwaR:9MmnDC+rPnzmEv8W8CcQy2U1wLwU

Behavioral task: behavioral1
Sample: 1b22530f1e642b9c23dfe12fa5ddd639_JaffaCakes118.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 1b22530f1e642b9c23dfe12fa5ddd639_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config
Score: 10/10

- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)