General
-
Target
f398517a15895995c3cff9134fda0c02_JaffaCakes118
-
Size
683KB
-
Sample
240924-n6a4caxdpd
-
MD5
f398517a15895995c3cff9134fda0c02
-
SHA1
ae3b41bda142f50f4cf3a9f697ebf6416c2d5180
-
SHA256
11d3325cffe09e9e836d8fd9047b540435f53651f8e2c03485e45061917605e9
-
SHA512
acaa2d692b10a7c746d3f8c2ccac5f114d80a5d3929bbca9674001aee134f86daba61773fde1f3a586150c3f31eec0aa5ebdf4833a1620c4386e586c166731e6
-
SSDEEP
12288:Ij8qn0fOacQv+rxMgXVUgG1d8iAcdB9VtOlVZBpY2xJX9fmgZjD74:Ij8q6iC+rxMgFU78iTVeVG2jtbhU
Malware Config
Targets
-
-
Target
f398517a15895995c3cff9134fda0c02_JaffaCakes118
-
Size
683KB
-
MD5
f398517a15895995c3cff9134fda0c02
-
SHA1
ae3b41bda142f50f4cf3a9f697ebf6416c2d5180
-
SHA256
11d3325cffe09e9e836d8fd9047b540435f53651f8e2c03485e45061917605e9
-
SHA512
acaa2d692b10a7c746d3f8c2ccac5f114d80a5d3929bbca9674001aee134f86daba61773fde1f3a586150c3f31eec0aa5ebdf4833a1620c4386e586c166731e6
-
SSDEEP
12288:Ij8qn0fOacQv+rxMgXVUgG1d8iAcdB9VtOlVZBpY2xJX9fmgZjD74:Ij8q6iC+rxMgFU78iTVeVG2jtbhU
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
UAC bypass
-
ModiLoader Second Stage
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
2