General
- Target: d7f7d55a93bbafcabdceced008a772fb_JaffaCakes118
- Size: 166KB
- Sample: 240910-k9zz4awejq
- MD5: d7f7d55a93bbafcabdceced008a772fb
- SHA1: 53f3430ff6f9e4916053f06d0af68c14078b8f86
- SHA256: 8c43e0a03dca6cc6392a0cebda6bea3ff3ac8054b063ee5c2fa164690101e122
- SHA512: 433cc67b192c1b77dcc096eb93623e242481e2d7dd7a436690a88ef2df3c81f6ca76c6d56a695910e6a8ca4408d2a2605d51e8d8bb761d531880baba71bd668c
- SSDEEP: 3072:6oy8j7VnNdrPHaSekwi+mWuCeJkfjp85outM0279D+tz4Ro6G:q8jZ7rvaU3+mWLeqcoSO79DPRo
Behavioral task: behavioral1
- Sample: d7f7d55a93bbafcabdceced008a772fb_JaffaCakes118.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: d7f7d55a93bbafcabdceced008a772fb_JaffaCakes118.exe
- Resource: win10v2004-20240802-en
Malware Config
Targets
- Target: d7f7d55a93bbafcabdceced008a772fb_JaffaCakes118
  - Size: 166KB
  - MD5: d7f7d55a93bbafcabdceced008a772fb
  - SHA1: 53f3430ff6f9e4916053f06d0af68c14078b8f86
  - SHA256: 8c43e0a03dca6cc6392a0cebda6bea3ff3ac8054b063ee5c2fa164690101e122
  - SHA512: 433cc67b192c1b77dcc096eb93623e242481e2d7dd7a436690a88ef2df3c81f6ca76c6d56a695910e6a8ca4408d2a2605d51e8d8bb761d531880baba71bd668c
  - SSDEEP: 3072:6oy8j7VnNdrPHaSekwi+mWuCeJkfjp85outM0279D+tz4Ro6G:q8jZ7rvaU3+mWLeqcoSO79DPRo
  - Score: 10/10
Signatures
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (3)