General
-
Target
fb0bb360d584db7f5957950c92f9a891_JaffaCakes118
-
Size
228KB
-
Sample
240927-2sjp8awdla
-
MD5
fb0bb360d584db7f5957950c92f9a891
-
SHA1
8a4bb3d44723c985a9159af5e571bc07e8e8f7fe
-
SHA256
70a668f140a46c053452815ea1376b7eaadec8a442f02e8173d0e3b6fa304072
-
SHA512
62e450de71755b54af3460950eef429d2cd6a2db94a951e2e8113267c526b92a53ca5d530e65d08257a2f1bc4479362c229804aa9c138228e58a1cbf52128af1
-
SSDEEP
6144:GKEJlynW7xSWeQGpwSjy0fPkOO7mhCP5XL:MJlyneSWfSwghfpEPPlL
Malware Config
Targets
-
-
Target
fb0bb360d584db7f5957950c92f9a891_JaffaCakes118
-
Size
228KB
-
MD5
fb0bb360d584db7f5957950c92f9a891
-
SHA1
8a4bb3d44723c985a9159af5e571bc07e8e8f7fe
-
SHA256
70a668f140a46c053452815ea1376b7eaadec8a442f02e8173d0e3b6fa304072
-
SHA512
62e450de71755b54af3460950eef429d2cd6a2db94a951e2e8113267c526b92a53ca5d530e65d08257a2f1bc4479362c229804aa9c138228e58a1cbf52128af1
-
SSDEEP
6144:GKEJlynW7xSWeQGpwSjy0fPkOO7mhCP5XL:MJlyneSWfSwghfpEPPlL
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
UAC bypass
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3