General
-
Target
9524fca16d2814c953d15de5e0cc9473_JaffaCakes118
-
Size
117KB
-
Sample
241124-rdxcnaspgt
-
MD5
9524fca16d2814c953d15de5e0cc9473
-
SHA1
6068582eafe4a0ef19993c22171fbe9859de172a
-
SHA256
ed131301a469a80bbf5365317dd00fdae80b54d2e8039a39ee8dfc3d3a1ff5a5
-
SHA512
b7b888e3510fa35d3c6b94ad2d8295a17627549519a6f1a51e84898e65c7af2f6cc73312b7e30d35060e3ca0aa6d1004ff2f551ab37094bf95754e346d9d9103
-
SSDEEP
3072:a9tz39ULS/mysYKaJCDx3nS/ByyRaga0nZxEBg:a9tztULS/mH3hyRazYxEG
Malware Config
Targets
-
-
Target
9524fca16d2814c953d15de5e0cc9473_JaffaCakes118
-
Size
117KB
-
MD5
9524fca16d2814c953d15de5e0cc9473
-
SHA1
6068582eafe4a0ef19993c22171fbe9859de172a
-
SHA256
ed131301a469a80bbf5365317dd00fdae80b54d2e8039a39ee8dfc3d3a1ff5a5
-
SHA512
b7b888e3510fa35d3c6b94ad2d8295a17627549519a6f1a51e84898e65c7af2f6cc73312b7e30d35060e3ca0aa6d1004ff2f551ab37094bf95754e346d9d9103
-
SSDEEP
3072:a9tz39ULS/mysYKaJCDx3nS/ByyRaga0nZxEBg:a9tztULS/mH3hyRazYxEG
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
UAC bypass
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
2