General
- Target: 1b99615b7735dd154f46f0d20abb21ef_JaffaCakes118
- Size: 136KB
- Sample: 240701-rjh28azbkj
- MD5: 1b99615b7735dd154f46f0d20abb21ef
- SHA1: 2eddace2205a858cb7639b50d994a8e216a00dfe
- SHA256: 34133845d0fd86afe76b46e8385dd360a606b0eb5191bbdd3ebc40dfa83dc411
- SHA512: 871a1f51650212b684eae32458233173eab5b16b7387a9053eba0c064cdcf25733f34f3abc200965c1e85323eae106823518c3628b25c04d965813bf0e9b7e63
- SSDEEP: 3072:0sdUYgVqo7S8M8D77BCzurSE0fUolN+BEzDiT:02stPM8lCzurSE0VMB4c
Static task: static1
Behavioral task: behavioral1
- Sample: 1b99615b7735dd154f46f0d20abb21ef_JaffaCakes118.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 1b99615b7735dd154f46f0d20abb21ef_JaffaCakes118.exe
- Resource: win10v2004-20240508-en
Malware Config
Targets
- Target: 1b99615b7735dd154f46f0d20abb21ef_JaffaCakes118
- Size: 136KB
- Score: 10/10
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)