General
Target: 1b4a5d6480a5d3d78375927aa58413db_JaffaCakes118
Size: 1.2MB
Sample: 240701-pkz11svdkk
MD5: 1b4a5d6480a5d3d78375927aa58413db
SHA1: 53fce80e102b7589837c4f28b727b9e25db9a79b
SHA256: 81f63dafbd4f6b1a606778311d1c792240dafe61593c2781660362eb6da1e420
SHA512: 9ef9d2afb384c890040b5d0d6386ab8adcc6388ea8c4226b27bcf8ab5cc31ff8f114e9eb1a62ca92bfa797c4c666abf5df9205c19863032d1044531dfb4831de
SSDEEP: 24576:bSyOHYzO0LD9v96b081JCvDecaSMy8SjXBCxSq11GD5kwuoY:b6n0D90zzCvDecaXy8SzBCxI7c
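Before pivoting on this report, confirm that the file on your analysis box really is the sample it describes. The following is an added example (not part of the sandbox report) that recomputes the report's cryptographic hashes with the standard library and compares them; SSDEEP is a similarity hash and needs the separate ssdeep library, so it is deliberately left out of the identity decision.

```python
"""Check that a local file matches the hashes in the General section above.

Added example, not part of the report. Only MD5/SHA1/SHA256/SHA512 are
recomputed (hashlib); SSDEEP is a fuzzy hash and is not used for identity.
"""
import hashlib

# Values copied from the General section of the report.
REPORTED = {
    "md5": "1b4a5d6480a5d3d78375927aa58413db",
    "sha1": "53fce80e102b7589837c4f28b727b9e25db9a79b",
    "sha256": "81f63dafbd4f6b1a606778311d1c792240dafe61593c2781660362eb6da1e420",
    "sha512": "9ef9d2afb384c890040b5d0d6386ab8adcc6388ea8c4226b27bcf8ab5cc31ff8f"
              "114e9eb1a62ca92bfa797c4c666abf5df9205c19863032d1044531dfb4831de",
}


def digests(data: bytes) -> dict:
    """Hex digests of `data` for every algorithm the report lists."""
    return {alg: getattr(hashlib, alg)(data).hexdigest() for alg in REPORTED}


def verify_sample(data: bytes, reported: dict = REPORTED) -> dict:
    """Per-algorithm match table, e.g. {'md5': True, 'sha1': False, ...}."""
    computed = digests(data)
    return {alg: computed[alg] == reported[alg].lower() for alg in reported}


def is_reported_sample(data: bytes, reported: dict = REPORTED) -> bool:
    """Decide identity on SHA-256 and SHA-512 only: MD5 and SHA-1 collisions
    are practical, so a match on those alone is not proof of identity."""
    matches = verify_sample(data, reported)
    return matches["sha256"] and matches["sha512"]


if __name__ == "__main__":
    import sys

    with open(sys.argv[1], "rb") as fh:
        blob = fh.read()
    for alg, ok in verify_sample(blob).items():
        print(f"{alg:7s} {'match' if ok else 'MISMATCH'}")
    print("identity confirmed" if is_reported_sample(blob) else "NOT the reported sample")
```

Usage: `python check_sample.py path\to\file.bin`. A partial match (only MD5 or SHA-1 agreeing) should be treated as a mismatch, not as a near-hit.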
Behavioral task behavioral1
Sample: 1b4a5d6480a5d3d78375927aa58413db_JaffaCakes118.exe
Resource: win7-20240220-en
Behavioral task behavioral2
Sample: 1b4a5d6480a5d3d78375927aa58413db_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: 1b4a5d6480a5d3d78375927aa58413db_JaffaCakes118
Score: 10/10
Family: ModiLoader, DBatLoader
ModiLoader (also tracked as DBatLoader) is a Delphi-written loader that abuses public cloud services to download other malware families.
Signatures:
- ModiLoader Second Stage
- Deletes itself
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
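The signature list and the ATT&CK mapping above describe three host behaviours a hunter can look for in any process/registry event stream: a write to a Run key, execution of an EXE the process tree dropped, and deletion of the sample's own image (typically via a spawned `cmd /c del`). The following is an added example, not part of the report, that implements those three checks over a constructed event list; the event schema, paths, PIDs and value name are all assumptions made for illustration and are not this sample's real artefacts.

```python
"""Flag the behaviours this report lists (Run-key persistence, execution of a
dropped EXE, self-deletion) in a stream of sandbox events.

Added example, not part of the sandbox report. The event schema and every
path, PID and value name below are constructed for illustration; they are
NOT the real artefacts of this sample.
"""
import re

# HKCU\ or HKLM\...\Software\Microsoft\Windows\CurrentVersion\Run or RunOnce.
RUN_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)$", re.IGNORECASE
)

SIG_RUN_KEY = "Adds Run key to start application"   # ATT&CK T1547.001
SIG_DROPPED = "Executes dropped EXE"
SIG_SELF_DELETE = "Deletes itself"

# Constructed stand-in paths (hypothetical, not from the report).
SAMPLE = r"C:\Users\victim\Downloads\sample.exe"
DROPPED = r"C:\Users\victim\AppData\Roaming\Xtipqv.exe"

# Constructed event stream in the order a sandbox would record it.
EVENTS = [
    {"kind": "process", "pid": 1000, "ppid": 500, "image": SAMPLE, "cmdline": f'"{SAMPLE}"'},
    {"kind": "file_write", "pid": 1000, "path": DROPPED},
    {"kind": "reg_set", "pid": 1000,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "Xtipqv", "data": DROPPED},
    {"kind": "process", "pid": 1010, "ppid": 1000, "image": DROPPED, "cmdline": f'"{DROPPED}"'},
    {"kind": "process", "pid": 1020, "ppid": 1000, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": f'cmd /c del "{SAMPLE}"'},
    {"kind": "file_delete", "pid": 1020, "path": SAMPLE},
]


def triage(events):
    """Return a list of (signature, detail) pairs found in the event stream."""
    image = {}       # pid -> lower-cased image path of that process
    parent = {}      # pid -> parent pid
    written = set()  # lower-cased paths the tree has written to disk so far
    findings = []
    for ev in events:
        kind = ev["kind"]
        if kind == "process":
            path = ev["image"].lower()
            image[ev["pid"]] = path
            parent[ev["pid"]] = ev["ppid"]
            # Image was written earlier by this tree: a dropped EXE being run.
            if path in written:
                findings.append((SIG_DROPPED, f"pid {ev['pid']} runs {ev['image']}"))
        elif kind == "file_write":
            written.add(ev["path"].lower())
        elif kind == "reg_set":
            if RUN_KEY.search(ev["key"]):
                findings.append((SIG_RUN_KEY, f"{ev['key']}\\{ev['value']} = {ev['data']}"))
        elif kind == "file_delete":
            # Self-deletion: the deleted file is the image of the deleting
            # process or of an ancestor (covers "cmd /c del" spawned by the sample).
            path, pid, depth = ev["path"].lower(), ev["pid"], 0
            while pid in image and depth < 16:
                if image[pid] == path:
                    findings.append((SIG_SELF_DELETE, f"pid {ev['pid']} deletes {ev['path']}"))
                    break
                pid, depth = parent[pid], depth + 1
    return findings


if __name__ == "__main__":
    for sig, detail in triage(EVENTS):
        print(f"[{sig}] {detail}")
```

The self-deletion check walks the parent chain rather than only the deleting process, because loaders rarely unlink their own running image directly; a child `cmd.exe` or a delayed batch file does it. Comparing lower-cased paths avoids misses from the case-insensitive Windows filesystem; a production version would also canonicalise 8.3 short names and environment-variable forms.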