General
-
Target
82cd379ae2126f5197c7f7b2693b11d0_JaffaCakes118
-
Size
200KB
-
Sample
241031-nfy3gsxenm
-
MD5
82cd379ae2126f5197c7f7b2693b11d0
-
SHA1
6e35576eaa760d02be474c0a992195a9cffd18a7
-
SHA256
662b8612b403d2ae3261326807607846202bf8645d8a0025a7c7361f17291820
-
SHA512
8eaf759f46d7c37d1c958207d79edbd08a4345754e588ec31e3d8b66c17cfcbd88ce6c1fd0e6406cb31f3c3a8d53082feff7687369d9d4f427337411f210e797
-
SSDEEP
3072:5Z028RmYEjfb8L/6QaYX0NMzXJou65V89V4VqmXvQSo4m:pT8h+YC5VumzYl
Malware Config
Targets
-
-
Target
82cd379ae2126f5197c7f7b2693b11d0_JaffaCakes118
-
Size
200KB
-
MD5
82cd379ae2126f5197c7f7b2693b11d0
-
SHA1
6e35576eaa760d02be474c0a992195a9cffd18a7
-
SHA256
662b8612b403d2ae3261326807607846202bf8645d8a0025a7c7361f17291820
-
SHA512
8eaf759f46d7c37d1c958207d79edbd08a4345754e588ec31e3d8b66c17cfcbd88ce6c1fd0e6406cb31f3c3a8d53082feff7687369d9d4f427337411f210e797
-
SSDEEP
3072:5Z028RmYEjfb8L/6QaYX0NMzXJou65V89V4VqmXvQSo4m:pT8h+YC5VumzYl
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
UAC bypass
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3