General

Target: dafe750ff849eba12212dc7b91fec866_JaffaCakes118
Size: 412KB
Sample: 240911-xdcwxaxakc
MD5: dafe750ff849eba12212dc7b91fec866
SHA1: 89bc53ce4a7f94707d5cb118c7d206ea1e833a95
SHA256: ab5e4665b3acf81b3d734580f1c968259f1104428d50a500ecb27a8a356c0ab1
SHA512: 0b2f0ea3565d7c4136065f774b38d5491d22cf31ff9db55ae28a2b073a4b4eae56d8f8ae3a7d40ad8a3d1a0e008a2e3e4d6022ab3cd170003cc775019e842b67
SSDEEP: 6144:sG377xS2Vp2CeiorXhwTBOQqQkxXfZYdwRh5yD/83N9NQK53wpcCJJvH:nr7xS2Vp6FwTGadaSu9N4bJJvH
Behavioral tasks

behavioral1
Sample: dafe750ff849eba12212dc7b91fec866_JaffaCakes118.exe
Resource: win7-20240708-en

behavioral2
Sample: dafe750ff849eba12212dc7b91fec866_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config

Targets

Target: dafe750ff849eba12212dc7b91fec866_JaffaCakes118 (412KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Score: 10/10
Signatures

- ModiLoader, DBatLoader
  ModiLoader (also tracked as DBatLoader) is a Delphi loader that abuses cloud services to download other malware families.
- ModiLoader Second Stage
- Checks computer location settings
  Looks up the country code configured in the registry, most likely as a geofence check. A practitioner caveat: if the configured country is on the loader's exclusion list, the second stage will not run, so an analysis VM whose locale matches an excluded country may show far less behaviour than this report.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
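The signatures above are each a rule over the sample's API-call trace. To make that concrete, here is an added example that is not Tria.ge's code and not part of this report: a small rule set run over a constructed trace that reproduces the five behavioural signatures (geofence lookup, Run-key persistence, execution of a dropped EXE, loading of a dropped DLL, self-deletion). The trace format (`<pid> <api> <argument>`), the file paths and the sample's own path are all constructed for illustration; the `Control Panel\International\Geo` key is assumed to be where the configured country code is read from, and treating every `CreateFileW` as a file write is a deliberate simplification (a real engine would check the requested access mask).

```python
"""Toy behavioural classifier over a constructed API-call trace.

Added example, not sandbox code: simplified rules mirroring the
signatures a sandbox report lists (geofence lookup, Run-key persistence,
dropped EXE/DLL execution, self-deletion).
"""
import re
from collections import defaultdict

# Constructed trace (not real sandbox output): "<pid> <api> <argument>" per line.
TRACE = r"""
1234 CreateFileW C:\Users\user\AppData\Local\Temp\Sample.exe
1234 CreateFileW C:\Users\user\AppData\Roaming\svch.exe
1234 RegQueryValueExW HKCU\Control Panel\International\Geo\Nation
1234 CreateFileW C:\Users\user\AppData\Roaming\ld.dll
1234 LoadLibraryW C:\Users\user\AppData\Roaming\ld.dll
1234 CreateProcessW C:\Users\user\AppData\Roaming\svch.exe
1234 RegSetValueExW HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svch
1234 DeleteFileW C:\Users\user\AppData\Local\Temp\Sample.exe
"""

# Constructed path of the sample under analysis (assumption for the demo).
SELF_PATH = r"C:\Users\user\AppData\Local\Temp\Sample.exe"

# Run / RunOnce autostart keys (HKCU or HKLM; the hive prefix is not anchored).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.I)
# Assumed location of the configured country code used for geofencing.
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\", re.I)


def parse(trace):
    """Yield (pid, api, argument) tuples; the argument may contain spaces."""
    for line in trace.strip().splitlines():
        pid, api, arg = line.split(" ", 2)
        yield int(pid), api, arg


def analyse(trace, self_path):
    """Return {signature name: [evidence arguments]} for the rules that fired."""
    hits = defaultdict(list)
    dropped = set()            # paths the sample wrote (case-folded)
    self_norm = self_path.lower()
    for _pid, api, arg in parse(trace):
        key = arg.lower()
        if api == "CreateFileW" and key != self_norm:
            # Simplification: any CreateFileW on a non-self path counts as a drop.
            dropped.add(key)
        elif api == "RegQueryValueExW" and GEO_KEY_RE.search(arg):
            hits["Checks computer location settings"].append(arg)
        elif api == "RegSetValueExW" and RUN_KEY_RE.search(arg):
            hits["Adds Run key to start application"].append(arg)
        elif api == "CreateProcessW" and key in dropped:
            hits["Executes dropped EXE"].append(arg)
        elif api == "LoadLibraryW" and key in dropped:
            hits["Loads dropped DLL"].append(arg)
        elif api == "DeleteFileW" and key == self_norm:
            hits["Deletes itself"].append(arg)
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in analyse(TRACE, SELF_PATH).items():
        print(f"{name}: {', '.join(evidence)}")
```

Ordering matters for the "dropped" rules: an EXE or DLL only counts as dropped if the sample wrote it earlier in the trace, which is also why a trace that executes a pre-existing binary fires nothing. The geofence rule only ever sees a registry read, so it cannot be reproduced from Sysmon, which logs registry writes but not queries; it needs an API-level trace such as a sandbox or an EDR hooking layer provides.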
MITRE ATT&CK Enterprise v15

Privilege Escalation
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Impair Defenses (T1562): 1
  - Disable or Modify Tools (T1562.001): 1
- Modify Registry (T1112): 3

The trailing number on each line is the count of detections in this report mapped to that technique.