General
-
Target
ebf86e06b3e60eb7989e8360c584637e_JaffaCakes118
-
Size
207KB
-
Sample
240919-xdwn1svckl
-
MD5
ebf86e06b3e60eb7989e8360c584637e
-
SHA1
2f314e2cc1c0584e6119c24550d1d90d253b4eba
-
SHA256
75427846d6a5f1318d86c73853dfd10398079b9953a7c430a2dde36d801c792b
-
SHA512
2ab0fa898a052b3983e13c8d8b9c8a0d40e8bc378ad4f9fae2d679eaf2eee98102d6a2288a5b98539135758044f5711935bc058758fa6177ac6fcb785dbbaa68
-
SSDEEP
3072:i1+MJKrUnFYY5z1i0Nmbi5fJBNPmUpQzkkoutn7:iIrPj0NmWtN3IoS
Malware Config
Targets
-
-
Target
ebf86e06b3e60eb7989e8360c584637e_JaffaCakes118
-
Size
207KB
-
MD5
ebf86e06b3e60eb7989e8360c584637e
-
SHA1
2f314e2cc1c0584e6119c24550d1d90d253b4eba
-
SHA256
75427846d6a5f1318d86c73853dfd10398079b9953a7c430a2dde36d801c792b
-
SHA512
2ab0fa898a052b3983e13c8d8b9c8a0d40e8bc378ad4f9fae2d679eaf2eee98102d6a2288a5b98539135758044f5711935bc058758fa6177ac6fcb785dbbaa68
-
SSDEEP
3072:i1+MJKrUnFYY5z1i0Nmbi5fJBNPmUpQzkkoutn7:iIrPj0NmWtN3IoS
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
UAC bypass
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
2