General
-
Target
d02a28730109def550aef09db44a0493_JaffaCakes118
-
Size
2.7MB
-
Sample
240906-wt8g3s1cjq
-
MD5
d02a28730109def550aef09db44a0493
-
SHA1
b40e7d402c2a26a54c36d4ec6c70397ba89e229e
-
SHA256
b64168f04fa5819d3661d61068bb4629ecc4ea6da57321a1cc61ca47acc9a1ce
-
SHA512
05bc6009fa7ec5f01459620e6b74fcd1d8828ee5118b7113151cb2ec25cac0c25d4546cf2455648b88c0fe6b825013a147937577705d18f7cd6a83aba12f2d8b
-
SSDEEP
49152:x8SSmX3nu9IYGvgKP15OxzVDxq9cgT25B7GYJVZN4zGUX0JBa9RQOLnGrPAdhNDa:GSSmX3uzGH/Gxqcgar6SoXueiQoILtQb
Static task
static1
Behavioral task
behavioral1
Sample
d02a28730109def550aef09db44a0493_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d02a28730109def550aef09db44a0493_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
Target
d02a28730109def550aef09db44a0493_JaffaCakes118
-
Size
2.7MB
Score
10/10
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment; a sample that finds Wine's registry keys can assume it is being analysed rather than running on a victim host.
-
Loads dropped DLL
-
Adds Run key to start application
-
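The three registry-centred behaviours above (Wine check, country-code lookup, Run key persistence) are the kind of thing a defender wants to match in their own telemetry rather than only read in a sandbox verdict. The following is an added example, not code from the Triage report or from the ModiLoader/DBatLoader sample: it classifies constructed Sysmon-style registry events against those signature names. The registry paths (`Software\Wine`, `Control Panel\International\Geo\Nation`, `...\CurrentVersion\Run`) and the `T1614` mapping for the geofence lookup are assumptions based on common Windows layout and ATT&CK, since the report does not list the exact keys the sample touched; the `T1547.001` and `T1497` mappings correspond to the techniques in the report's matrix.

```python
"""Added example (not part of the Triage report): match registry events
against the report's signature names.

Event format is a constructed, pipe-separated approximation of Sysmon
registry events: RegistryEvent|<operation>|<key path>|<image>.
"""
import re
from collections import Counter

# Constructed sample events, not captured from the sample's actual run.
SAMPLE_EVENTS = [
    r"RegistryEvent|QueryValue|HKU\S-1-5-21-1\Software\Wine|C:\Users\a\d02a28730109def550aef09db44a0493_JaffaCakes118.exe",
    r"RegistryEvent|QueryValue|HKU\S-1-5-21-1\Control Panel\International\Geo\Nation|C:\Users\a\d02a28730109def550aef09db44a0493_JaffaCakes118.exe",
    r"RegistryEvent|SetValue|HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater|C:\Users\a\d02a28730109def550aef09db44a0493_JaffaCakes118.exe",
    # Benign-looking noise: a system binary touching a Run key and an Office read.
    r"RegistryEvent|SetValue|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater|C:\Windows\explorer.exe",
    r"RegistryEvent|QueryValue|HKU\S-1-5-21-1\Software\Microsoft\Office|C:\Program Files\Microsoft Office\WINWORD.EXE",
]

# (signature name as used in the report, registry operation, path pattern, ATT&CK id)
# Paths are assumed well-known locations; the report does not name the keys.
RULES = [
    ("Identifies Wine through registry keys", "QueryValue",
     re.compile(r"\\Software\\Wine(\\|$)", re.I), "T1497"),
    ("Checks computer location settings", "QueryValue",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I), "T1614"),
    ("Adds Run key to start application", "SetValue",
     re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I),
     "T1547.001"),
]


def parse_event(line):
    """Split one constructed event line into its fields."""
    kind, op, path, image = line.split("|", 3)
    if kind != "RegistryEvent":
        raise ValueError("not a registry event: %r" % line)
    return {"op": op, "path": path, "image": image}


def classify(lines, image_filter=None):
    """Return one hit per (event, rule) match.

    image_filter, when given, restricts matching to events whose image path
    contains that substring, mirroring how a sandbox attributes behaviour to
    the submitted sample rather than to every process on the box.
    """
    hits = []
    for line in lines:
        ev = parse_event(line)
        if image_filter and image_filter not in ev["image"]:
            continue
        for signature, op, pattern, technique in RULES:
            if ev["op"] == op and pattern.search(ev["path"]):
                hits.append({"signature": signature, "technique": technique,
                             "path": ev["path"], "image": ev["image"]})
    return hits


def summarize(lines, image_filter=None):
    """Count hits per signature name, the shape a report summary shows."""
    return dict(Counter(h["signature"] for h in classify(lines, image_filter)))


if __name__ == "__main__":
    for hit in classify(SAMPLE_EVENTS, image_filter="JaffaCakes118"):
        print("%-40s %-10s %s" % (hit["signature"], hit["technique"], hit["path"]))
    print(summarize(SAMPLE_EVENTS, image_filter="JaffaCakes118"))
```

Without the image filter the explorer.exe Run-key write is also reported, which is the usual false-positive shape for persistence rules; in practice the filter would be the process tree rooted at the analysed sample, not a filename substring.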
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
  Bypass User Account Control (1)
Boot or Logon Autostart Execution (1)
  Registry Run Keys / Startup Folder (1)
Defense Evasion
Abuse Elevation Control Mechanism (1)
  Bypass User Account Control (1)
Impair Defenses (1)
  Disable or Modify Tools (1)
Modify Registry (3)
Virtualization/Sandbox Evasion (1)