General
-
Target
d448fa3563da125b99e5d4cf64603e35_JaffaCakes118
-
Size
311KB
-
Sample
240908-nw3qlsthjm
-
MD5
d448fa3563da125b99e5d4cf64603e35
-
SHA1
4ce9161761a2e03314d19ef695459e9d1698c340
-
SHA256
09c191d26752cef42dfad6df6379de78b82e9ce4ca4be75603399f6d08fd107b
-
SHA512
64a7af6a69b1dee2a7575feafb2392494dc2497bcf819d24897418591dcc853a468b0497d8966526ff49a518a2ac5a8fdbb6a1c0d9158e9eeee6f7b009152107
-
SSDEEP
6144:gGyjnBSkuV1d4eZd88ORJIf/wTBt53ovpcNQAoS:LYnBSkuVUeZdYqwTeCoS
Malware Config
Targets
-
-
Target
d448fa3563da125b99e5d4cf64603e35_JaffaCakes118
-
Size
311KB
-
MD5
d448fa3563da125b99e5d4cf64603e35
-
SHA1
4ce9161761a2e03314d19ef695459e9d1698c340
-
SHA256
09c191d26752cef42dfad6df6379de78b82e9ce4ca4be75603399f6d08fd107b
-
SHA512
64a7af6a69b1dee2a7575feafb2392494dc2497bcf819d24897418591dcc853a468b0497d8966526ff49a518a2ac5a8fdbb6a1c0d9158e9eeee6f7b009152107
-
SSDEEP
6144:gGyjnBSkuV1d4eZd88ORJIf/wTBt53ovpcNQAoS:LYnBSkuVUeZdYqwTeCoS
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
UAC bypass
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3