General
-
Target
b8d81c76d015ccd32d5d783c2aac7fdc_JaffaCakes118
-
Size
159KB
-
Sample
241202-snkbhsyrft
-
MD5
b8d81c76d015ccd32d5d783c2aac7fdc
-
SHA1
703e1954b2d049e5143eb836b6fc12dab8ef5de2
-
SHA256
74ff26da3fb9983a1e3ddc424e9aa1a123e4407d74fe955e1a8d48d732b9aa62
-
SHA512
91739068e83b2962f2e383323cae5fe5f42b4c7dcd83a774ef7ed56a28e78890b5b35275fb46470feb6138a9e7944be16b8e7e1b0785ebaa18902baad7c81da1
-
SSDEEP
3072:fi4HctJxJDJ1Zh+7staCw3a//gFqRVe2LK0mhPz5IKJ+zhEVnsPBzh0O:f8tPJzC3F2LKVPz57czhEapB
Malware Config
Targets
-
-
Target
b8d81c76d015ccd32d5d783c2aac7fdc_JaffaCakes118
-
Size
159KB
-
MD5
b8d81c76d015ccd32d5d783c2aac7fdc
-
SHA1
703e1954b2d049e5143eb836b6fc12dab8ef5de2
-
SHA256
74ff26da3fb9983a1e3ddc424e9aa1a123e4407d74fe955e1a8d48d732b9aa62
-
SHA512
91739068e83b2962f2e383323cae5fe5f42b4c7dcd83a774ef7ed56a28e78890b5b35275fb46470feb6138a9e7944be16b8e7e1b0785ebaa18902baad7c81da1
-
SSDEEP
3072:fi4HctJxJDJ1Zh+7staCw3a//gFqRVe2LK0mhPz5IKJ+zhEVnsPBzh0O:f8tPJzC3F2LKVPz57czhEapB
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
UAC bypass
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3