General
-
Target
f50b8ed12de260c864f806492451d1c7_JaffaCakes118
-
Size
340KB
-
Sample
240925-dqergs1hln
-
MD5
f50b8ed12de260c864f806492451d1c7
-
SHA1
f60dae208cd5001b7d812e9adae350c4b888ffeb
-
SHA256
b81ec9252104d63a9503872f0f93e7ad4774aaf0c1daabdb91443bff32437563
-
SHA512
459cce179fee359bcb7d2c125d1abf6b1a15db30a1ce5815421346e4cf609818201aecf2b47f7ee9429a44aa85169f0dc844bcc74acfe9169c09d5b9366e474e
-
SSDEEP
6144:NG337xS2Vp2CeiorXdwTBgWx4sK3xe532pcCJJvH2:wn7xS2Vp6RwTyCOHbJJvH2
Malware Config
Targets
-
-
Target
f50b8ed12de260c864f806492451d1c7_JaffaCakes118
-
Size
340KB
-
MD5
f50b8ed12de260c864f806492451d1c7
-
SHA1
f60dae208cd5001b7d812e9adae350c4b888ffeb
-
SHA256
b81ec9252104d63a9503872f0f93e7ad4774aaf0c1daabdb91443bff32437563
-
SHA512
459cce179fee359bcb7d2c125d1abf6b1a15db30a1ce5815421346e4cf609818201aecf2b47f7ee9429a44aa85169f0dc844bcc74acfe9169c09d5b9366e474e
-
SSDEEP
6144:NG337xS2Vp2CeiorXdwTBgWx4sK3xe532pcCJJvH2:wn7xS2Vp6RwTyCOHbJJvH2
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
UAC bypass
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3