General
-
Target
e91bfaf6436c8e7cea12d5c4e7dd41cb_JaffaCakes118
-
Size
241KB
-
Sample
240918-plkbyszgqf
-
MD5
e91bfaf6436c8e7cea12d5c4e7dd41cb
-
SHA1
cc890aef4bfa783860401a4888c4c5a8f6b99889
-
SHA256
d58c0807d9e47a1aa642cfcddc849d76608cbe8e9e8cb8604f47db93f54f1a59
-
SHA512
f501f31c3d1d3215485fa204eebdb3885efd35cd62a8236ca76452328abd1d95ae232e876e0d0d4ff3680a14f9d5b394920ff6fb2034d17da5cd64f440bebaff
-
SSDEEP
6144:WbTo8mhn+TupXuBPhhDZ2NllBzuTnDuwX5:zLnuPhhsNrBcDuwX5
Malware Config
Targets
-
-
Target
e91bfaf6436c8e7cea12d5c4e7dd41cb_JaffaCakes118
-
Size
241KB
-
MD5
e91bfaf6436c8e7cea12d5c4e7dd41cb
-
SHA1
cc890aef4bfa783860401a4888c4c5a8f6b99889
-
SHA256
d58c0807d9e47a1aa642cfcddc849d76608cbe8e9e8cb8604f47db93f54f1a59
-
SHA512
f501f31c3d1d3215485fa204eebdb3885efd35cd62a8236ca76452328abd1d95ae232e876e0d0d4ff3680a14f9d5b394920ff6fb2034d17da5cd64f440bebaff
-
SSDEEP
6144:WbTo8mhn+TupXuBPhhDZ2NllBzuTnDuwX5:zLnuPhhsNrBcDuwX5
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
UAC bypass
-
ModiLoader Second Stage
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3