General
-
Target
a8274fe687be6f6bbb3ff0ce2bb02747_JaffaCakes118
-
Size
188KB
-
Sample
241127-q69b9awkhx
-
MD5
a8274fe687be6f6bbb3ff0ce2bb02747
-
SHA1
4cb7570be4ef478bce408b3a9d441ec8e805f4e4
-
SHA256
f4199919be88334675a18ec131c1ffe65690a1e0b725e3d44a9244af7b2353b1
-
SHA512
530571ae5ca0bab3aa75f72dbee1aa2bab6dac3fca3a9abde80cab028b70b394e092459af270e4a38e95bd2ffdb2612c46dd311171726e9b4197fa498158dffe
-
SSDEEP
3072:LMeTnBZXXA98/MUB6Tj/rm1NkYg0JH2qq7d2LeadFraelSk6sDtFYuFZd966lH:LRnBZXw9lr/dP0Byx2e49l36sDrY6O6t
Malware Config
Targets
-
-
Target
a8274fe687be6f6bbb3ff0ce2bb02747_JaffaCakes118
-
Size
188KB
-
MD5
a8274fe687be6f6bbb3ff0ce2bb02747
-
SHA1
4cb7570be4ef478bce408b3a9d441ec8e805f4e4
-
SHA256
f4199919be88334675a18ec131c1ffe65690a1e0b725e3d44a9244af7b2353b1
-
SHA512
530571ae5ca0bab3aa75f72dbee1aa2bab6dac3fca3a9abde80cab028b70b394e092459af270e4a38e95bd2ffdb2612c46dd311171726e9b4197fa498158dffe
-
SSDEEP
3072:LMeTnBZXXA98/MUB6Tj/rm1NkYg0JH2qq7d2LeadFraelSk6sDtFYuFZd966lH:LRnBZXw9lr/dP0Byx2e49l36sDrY6O6t
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
UAC bypass
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3