General
-
Target
d293fa4fd0b44917718fdb00c5b358e4_JaffaCakes118
-
Size
113KB
-
Sample
240907-w5b81szgpg
-
MD5
d293fa4fd0b44917718fdb00c5b358e4
-
SHA1
76e5a8050b5691dfaa2b80b2c3db8558150db0f2
-
SHA256
98b898f4dce4149211ef1c83055fd092593ec59eea258a1be83f9e2dd8042aad
-
SHA512
562f4a2f3cacae59796ccb34c5d3020071f989612adb6bdf0ffa28989e2e6a1dfc28f0a6ee128f5ab433ed1fb22d547753046321eb6e198bc0ed469f5014d28f
-
SSDEEP
3072:Zoy8j7VnNdrPHaSekwi+mWLLKl8pNKoutm:p8jZ7rvaU3+mWLLW2EoSm
Malware Config
Targets
-
-
Target
d293fa4fd0b44917718fdb00c5b358e4_JaffaCakes118
-
Size
113KB
-
MD5
d293fa4fd0b44917718fdb00c5b358e4
-
SHA1
76e5a8050b5691dfaa2b80b2c3db8558150db0f2
-
SHA256
98b898f4dce4149211ef1c83055fd092593ec59eea258a1be83f9e2dd8042aad
-
SHA512
562f4a2f3cacae59796ccb34c5d3020071f989612adb6bdf0ffa28989e2e6a1dfc28f0a6ee128f5ab433ed1fb22d547753046321eb6e198bc0ed469f5014d28f
-
SSDEEP
3072:Zoy8j7VnNdrPHaSekwi+mWLLKl8pNKoutm:p8jZ7rvaU3+mWLLW2EoSm
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
UAC bypass
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3