General
-
Target
8a09be642870f11183acc94a1aff3802_JaffaCakes118
-
Size
2.8MB
-
Sample
241103-g34sxszngp
-
MD5
8a09be642870f11183acc94a1aff3802
-
SHA1
0f27cedbbd0b812e9423ce94f1cf60f98e3091c4
-
SHA256
14c850d8c8a61c4cd4fee483648c0ef47c875f322623b2e4264fb04d5d29776f
-
SHA512
aa8e01420ae7ec16cda276c24dd496d4ade837f276196e094ee16417b4ab50798472befb05cad49819f9ceae3370da7ae6a218b2744727ce63e9563d2733523e
-
SSDEEP
49152:b1dlZon5RIAbMURTnd4fmIjDXSrd/T7eCMXdhTV3jbI+lqvZOEjjTVIhem+ni:b1dl2nHgURTnyffXmNT6XTh4v5jZQEni
Malware Config
Targets
-
-
Target
8a09be642870f11183acc94a1aff3802_JaffaCakes118
-
Size
2.8MB
-
MD5
8a09be642870f11183acc94a1aff3802
-
SHA1
0f27cedbbd0b812e9423ce94f1cf60f98e3091c4
-
SHA256
14c850d8c8a61c4cd4fee483648c0ef47c875f322623b2e4264fb04d5d29776f
-
SHA512
aa8e01420ae7ec16cda276c24dd496d4ade837f276196e094ee16417b4ab50798472befb05cad49819f9ceae3370da7ae6a218b2744727ce63e9563d2733523e
-
SSDEEP
49152:b1dlZon5RIAbMURTnd4fmIjDXSrd/T7eCMXdhTV3jbI+lqvZOEjjTVIhem+ni:b1dl2nHgURTnyffXmNT6XTh4v5jZQEni
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
UAC bypass
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3Virtualization/Sandbox Evasion
1