General
-
Target
cc6ae3629770c39fe95003ca3a54fe95_JaffaCakes118
-
Size
270KB
-
Sample
240831-jbz2rsscnm
-
MD5
cc6ae3629770c39fe95003ca3a54fe95
-
SHA1
cf11ea62ccc43a2eeea4bfa6729c6ded7ae3ea79
-
SHA256
7f9514175be0582e6a099f6012a491de4032a9247ee4f0ae8adeda4cd2a0e41e
-
SHA512
b1df83e71afbcde2dbf4c94b3fabb64d02331c24992ab8e9cb06089b6c62df16a8de4dddd6be99627512cd4c5e9f40c534f142003fcb122c1ddc92f030ad7090
-
SSDEEP
6144:KG377xS2Vp2CeiorXhwTBOz531pcCJJvH:Zr7xS2Vp6FwTWbJJvH
Malware Config
Targets
-
-
Target
cc6ae3629770c39fe95003ca3a54fe95_JaffaCakes118
-
Size
270KB
-
MD5
cc6ae3629770c39fe95003ca3a54fe95
-
SHA1
cf11ea62ccc43a2eeea4bfa6729c6ded7ae3ea79
-
SHA256
7f9514175be0582e6a099f6012a491de4032a9247ee4f0ae8adeda4cd2a0e41e
-
SHA512
b1df83e71afbcde2dbf4c94b3fabb64d02331c24992ab8e9cb06089b6c62df16a8de4dddd6be99627512cd4c5e9f40c534f142003fcb122c1ddc92f030ad7090
-
SSDEEP
6144:KG377xS2Vp2CeiorXhwTBOz531pcCJJvH:Zr7xS2Vp6FwTWbJJvH
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
UAC bypass
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3