General
-
Target
20cdd8e5b319d61e3cddc8c832f62806_JaffaCakes118
-
Size
508KB
-
Sample
240703-c5y81atbmb
-
MD5
20cdd8e5b319d61e3cddc8c832f62806
-
SHA1
7eed77b196e72232b95c7b89db2206e376ca4b28
-
SHA256
be4d729f21b8e85479f21f1bdd89910b5603db51536931e6589f8798418776df
-
SHA512
3ae216d47c0035bb48de10663dc251f346dcc961a3a9c5539b925120a81c8ce3584945a93d1a86618ae849d25ae1ca7b546f9225f3f63673fa9bd6fcaca60004
-
SSDEEP
6144:Ajzxt76W0obUV7+O0F+2MOm263u9lAHm51FW9Bg+KY1CPGFaVls7Ya0IPseBVZ5H:+VUV7n0Mx3elAHmJTuSGJ0FbeB7yG0I
Malware Config
Targets
-
-
Target
20cdd8e5b319d61e3cddc8c832f62806_JaffaCakes118
-
Size
508KB
-
MD5
20cdd8e5b319d61e3cddc8c832f62806
-
SHA1
7eed77b196e72232b95c7b89db2206e376ca4b28
-
SHA256
be4d729f21b8e85479f21f1bdd89910b5603db51536931e6589f8798418776df
-
SHA512
3ae216d47c0035bb48de10663dc251f346dcc961a3a9c5539b925120a81c8ce3584945a93d1a86618ae849d25ae1ca7b546f9225f3f63673fa9bd6fcaca60004
-
SSDEEP
6144:Ajzxt76W0obUV7+O0F+2MOm263u9lAHm51FW9Bg+KY1CPGFaVls7Ya0IPseBVZ5H:+VUV7n0Mx3elAHmJTuSGJ0FbeB7yG0I
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
UAC bypass
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1