General
Target: e36b5ca136805c9b6ca817be8e864d76_JaffaCakes118
Size: 1.3MB
Sample: 241211-1y3jvazmhv
MD5: e36b5ca136805c9b6ca817be8e864d76
SHA1: c82fc61efe4f53197f8b706abdcbdf30cdfafe1f
SHA256: 41431474bc761c28c6d6a1d903b3fb523c8d383032b2d10cf74df0d20229cf3d
SHA512: d35210836168cc3862e1d0717564c078bbac5bd182cf5a8c9465764d6e47345333210329e8b0ac7d7d3a39e967d8da491a7fa655bafb9250d59e092a93366fa5
SSDEEP: 24576:5SVjJXq5R8zVifDiUfLSNZy1pWF/qyNGwWv0OT:eJXq5RXuNZSa/zNGwW5T
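Before pivoting on the identifiers above it is worth sanity-checking them, because hashes are routinely truncated when copied between reports and an ssdeep block size that does not fit the stated file size means the fuzzy hash belongs to a different file. The script below is an added example written for this page, not part of the sandbox report or of any tool it names: it checks the four digests for length and hex validity, verifies a file's bytes against a digest set, parses the ssdeep string, and checks that its block size (24576) is one ssdeep could actually pick for a file of roughly 1.3MB. The 1.3MB figure is treated as approximate, and the block-size rule (start at 3, double until block_size * 64 covers the file, possibly halve once afterwards) is the published spamsum selection rule.

```python
import hashlib
import re

# Values copied from the report's General section above.
REPORT_HASHES = {
    "md5": "e36b5ca136805c9b6ca817be8e864d76",
    "sha1": "c82fc61efe4f53197f8b706abdcbdf30cdfafe1f",
    "sha256": "41431474bc761c28c6d6a1d903b3fb523c8d383032b2d10cf74df0d20229cf3d",
    "sha512": "d35210836168cc3862e1d0717564c078bbac5bd182cf5a8c9465764d6e47345333210329e8b0ac7d7d3a39e967d8da491a7fa655bafb9250d59e092a93366fa5",
}
REPORT_SSDEEP = "24576:5SVjJXq5R8zVifDiUfLSNZy1pWF/qyNGwWv0OT:eJXq5RXuNZSa/zNGwW5T"
REPORT_SIZE = int(1.3 * 2**20)  # "1.3MB" is rounded in the report; assumed approximate

DIGEST_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# ssdeep (spamsum) constants: smallest block size and the target signature
# length that drives block-size selection.
SSDEEP_MIN_BLOCK = 3
SSDEEP_SPAMSUM_LENGTH = 64
SSDEEP_CHUNK_RE = re.compile(r"^[A-Za-z0-9+/]*$")


def check_digest_lengths(hashes):
    """Names of digests whose value is not lowercase hex of the right length
    (a copy-paste truncation is the usual cause)."""
    bad = []
    for name, value in hashes.items():
        want = DIGEST_HEX_LEN.get(name)
        if want is None or len(value) != want or not re.fullmatch(r"[0-9a-f]+", value):
            bad.append(name)
    return bad


def digest_all(data):
    """Hex digests of data with the four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in DIGEST_HEX_LEN}


def verify_hashes(data, expected):
    """Names of algorithms in `expected` whose digest of data differs.
    An empty list means the bytes match every listed digest."""
    actual = digest_all(data)
    return [name for name, value in expected.items() if actual.get(name) != value.lower()]


def parse_ssdeep(sig):
    """Split a 'blocksize:chunk:doublechunk' ssdeep string into its parts."""
    parts = sig.split(":")
    if len(parts) != 3 or not parts[0].isdigit():
        raise ValueError("not an ssdeep signature: %r" % sig)
    block_size, chunk, double_chunk = int(parts[0]), parts[1], parts[2]
    if not (SSDEEP_CHUNK_RE.match(chunk) and SSDEEP_CHUNK_RE.match(double_chunk)):
        raise ValueError("ssdeep chunks must be base64 characters")
    return block_size, chunk, double_chunk


def ssdeep_initial_block_size(file_len):
    """Block size ssdeep starts from for a file of file_len bytes: the smallest
    3 * 2^n with block_size * 64 >= file_len. ssdeep may halve it afterwards if
    the signature comes out too short, so this is an upper bound."""
    block_size = SSDEEP_MIN_BLOCK
    while block_size * SSDEEP_SPAMSUM_LENGTH < file_len:
        block_size *= 2
    return block_size


def ssdeep_block_size_plausible(block_size, file_len):
    """True if block_size is of the form 3 * 2^n and does not exceed the
    starting block size for a file of that length."""
    if block_size < SSDEEP_MIN_BLOCK or block_size % SSDEEP_MIN_BLOCK:
        return False
    q = block_size // SSDEEP_MIN_BLOCK
    power_of_two = (q & (q - 1)) == 0
    return power_of_two and block_size <= ssdeep_initial_block_size(file_len)


def ssdeep_comparable(sig_a, sig_b):
    """ssdeep only scores two signatures whose block sizes are equal or differ
    by exactly a factor of two; anything else compares as 0 regardless of content."""
    a, b = parse_ssdeep(sig_a)[0], parse_ssdeep(sig_b)[0]
    return a == b or a == 2 * b or b == 2 * a


if __name__ == "__main__":
    print("digests with bad length/format:", check_digest_lengths(REPORT_HASHES))
    bs, chunk, double_chunk = parse_ssdeep(REPORT_SSDEEP)
    print("ssdeep block size %d plausible for ~1.3MB: %s"
          % (bs, ssdeep_block_size_plausible(bs, REPORT_SIZE)))
```

For a 1.3MB file the doubling loop stops at 24576 (12288 * 64 = 786432 is still too small), so the report's block size is exactly the starting value, which is consistent. The comparability check matters when hunting for relatives of this sample: a ModiLoader build with a block size of 98304 will score 0 against this signature even if most of its content is identical, so block size should be part of any ssdeep clustering query.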
Behavioral task: behavioral1
Sample: e36b5ca136805c9b6ca817be8e864d76_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: e36b5ca136805c9b6ca817be8e864d76_JaffaCakes118.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: e36b5ca136805c9b6ca817be8e864d76_JaffaCakes118 (1.3MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Modiloader family
- ModiLoader Second Stage
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
MITRE ATT&CK Enterprise v15 (number of matching signatures in parentheses)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (1)
    Disable or Modify Tools (1)
  Modify Registry (2)