General
-
Target
ad26f60cc32eadd5296c96380cf65673_JaffaCakes118
-
Size
818KB
-
Sample
241128-wnz9hsvph1
-
MD5
ad26f60cc32eadd5296c96380cf65673
-
SHA1
5cd20d355bbac6285cf032607edf69e6cbdd760a
-
SHA256
070edf33cf1a823f9d62c63a6d3605ea7c22e2be6c8ebfc392cf6c7df550f872
-
SHA512
0db21d0cbf6a58ab3616c2f4463dfca19fc92563187cb222ffd5ecabf976cfb2033ce6e4cf304812545baadc0d43cb4e70f82e34b00b8da1f8002a25023109d4
-
SSDEEP
6144:31SnWphJgxOgzJYfQYzKCkN0hZc3zTq1Nla3QPKsBQIVc74rvE2Z4q7UigAn2Cq1:QnWphqxLJAka0SeFzFGFkoS
Malware Config
Targets
-
-
Target
ad26f60cc32eadd5296c96380cf65673_JaffaCakes118
-
Size
818KB
-
MD5
ad26f60cc32eadd5296c96380cf65673
-
SHA1
5cd20d355bbac6285cf032607edf69e6cbdd760a
-
SHA256
070edf33cf1a823f9d62c63a6d3605ea7c22e2be6c8ebfc392cf6c7df550f872
-
SHA512
0db21d0cbf6a58ab3616c2f4463dfca19fc92563187cb222ffd5ecabf976cfb2033ce6e4cf304812545baadc0d43cb4e70f82e34b00b8da1f8002a25023109d4
-
SSDEEP
6144:31SnWphJgxOgzJYfQYzKCkN0hZc3zTq1Nla3QPKsBQIVc74rvE2Z4q7UigAn2Cq1:QnWphqxLJAka0SeFzFGFkoS
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
UAC bypass
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3