General
-
Target
b9ff4545dd6daf302e8e65c1f0cd0c6f_JaffaCakes118
-
Size
152KB
-
Sample
241202-y3rl2awqgm
-
MD5
b9ff4545dd6daf302e8e65c1f0cd0c6f
-
SHA1
1af1dc10f6c4f4469c847bf5259a6c4990ad3cc0
-
SHA256
1dd5cff7dadc4ae1c00b84ad291e37db9651498b60045b07302eb58534ef8ae4
-
SHA512
85ba5f632c032df1651718c6fe330979a4e21863fec6a640d7992cfd9acc6f3fb55437abb23f0d46dee69f65fed96bb8542610c4ab6a67079c796f679fe101a5
-
SSDEEP
3072:bjIvDj0jztDfkf7+namLFJIMDmw8Z+pCJAuZty9m4odozH6HbwfCllgE:bEP0dz9TyAouuZty9XoAasfLE
Malware Config
Targets
-
-
Target
b9ff4545dd6daf302e8e65c1f0cd0c6f_JaffaCakes118
-
Size
152KB
-
MD5
b9ff4545dd6daf302e8e65c1f0cd0c6f
-
SHA1
1af1dc10f6c4f4469c847bf5259a6c4990ad3cc0
-
SHA256
1dd5cff7dadc4ae1c00b84ad291e37db9651498b60045b07302eb58534ef8ae4
-
SHA512
85ba5f632c032df1651718c6fe330979a4e21863fec6a640d7992cfd9acc6f3fb55437abb23f0d46dee69f65fed96bb8542610c4ab6a67079c796f679fe101a5
-
SSDEEP
3072:bjIvDj0jztDfkf7+namLFJIMDmw8Z+pCJAuZty9m4odozH6HbwfCllgE:bEP0dz9TyAouuZty9XoAasfLE
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
UAC bypass
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3