General
-
Target
c547a942ed52350820b952f5297c7e14_JaffaCakes118
-
Size
273KB
-
Sample
241205-b12ynaxmel
-
MD5
c547a942ed52350820b952f5297c7e14
-
SHA1
49f7be1aa2bf1da163c83af8c6e439a233866f89
-
SHA256
ddf5217e6f98a6d394d5bc776e03004e31111763048275eb41b402aff9036545
-
SHA512
700b2df2525367873618565d6825b307986198f7063839b3fc0fc45d12d435591b4568177950ad1137dd7ae7ee0c9a335c5d87c2a292ee3575ddd72a011a83e4
-
SSDEEP
6144:gG377xS2Vp2CeiorXdwTBgWx4b534QzqpcCJJvHS:Lr7xS2Vp6RwTyCZ9bJJvHS
Malware Config
Targets
-
-
Target
c547a942ed52350820b952f5297c7e14_JaffaCakes118
-
Size
273KB
-
MD5
c547a942ed52350820b952f5297c7e14
-
SHA1
49f7be1aa2bf1da163c83af8c6e439a233866f89
-
SHA256
ddf5217e6f98a6d394d5bc776e03004e31111763048275eb41b402aff9036545
-
SHA512
700b2df2525367873618565d6825b307986198f7063839b3fc0fc45d12d435591b4568177950ad1137dd7ae7ee0c9a335c5d87c2a292ee3575ddd72a011a83e4
-
SSDEEP
6144:gG377xS2Vp2CeiorXdwTBgWx4b534QzqpcCJJvHS:Lr7xS2Vp6RwTyCZ9bJJvHS
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
UAC bypass
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3