General
-
Target
d33686d27badf0dba22b78022bcb456b_JaffaCakes118
-
Size
110KB
-
Sample
241207-x1r94syphz
-
MD5
d33686d27badf0dba22b78022bcb456b
-
SHA1
c5b8f2c220a9c61397250184ddf28e9db776dabc
-
SHA256
edad34922dc6dff199345e3e8abf25400cb817e5f67796dd025a925d7f72919b
-
SHA512
e2df6c781d1239299f74efb893f15dfa4b0d2f7d0798b10c06ab1c0c05d34f5ef8f27ba3c41ebf3ca34d107bcee44fec44f47c7ebed3539bbc3dfec93c8621be
-
SSDEEP
3072:coy8j7VnNdrPHaSekwi+mW6tYOout7O5:M8jZ7rvaU3+mW4YOoSA
Malware Config
Targets
-
-
Target
d33686d27badf0dba22b78022bcb456b_JaffaCakes118
-
Size
110KB
-
MD5
d33686d27badf0dba22b78022bcb456b
-
SHA1
c5b8f2c220a9c61397250184ddf28e9db776dabc
-
SHA256
edad34922dc6dff199345e3e8abf25400cb817e5f67796dd025a925d7f72919b
-
SHA512
e2df6c781d1239299f74efb893f15dfa4b0d2f7d0798b10c06ab1c0c05d34f5ef8f27ba3c41ebf3ca34d107bcee44fec44f47c7ebed3539bbc3dfec93c8621be
-
SSDEEP
3072:coy8j7VnNdrPHaSekwi+mW6tYOout7O5:M8jZ7rvaU3+mW4YOoSA
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
UAC bypass
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3