General
-
Target
f1bbed3ed88c7b43de6e31aefecc50bc_JaffaCakes118
-
Size
178KB
-
Sample
241215-b83j6a1jaw
-
MD5
f1bbed3ed88c7b43de6e31aefecc50bc
-
SHA1
81f648025e25a4fb54b3b7786317265a288e5025
-
SHA256
a846d606b6249ed7106979c61dc7a5fc2d266f2a4b20d6642e2d5416d163acd3
-
SHA512
61963cf07090e0e3586bb55b25c2e203713bed3248e7a26733f3a1e25cd968ed004b0a1af3cad0ba6fe631a0327037728f4e1c99a85389e54ebd5271483ca906
-
SSDEEP
3072:NhRfk4FJAM0T5aD/a86ON+h8RiNDVHjTxAiu3sbhQL4/br/FVG94aI8khB:NhRsKAMm5aD/agRqxDUiQkfNVGnkhB
Malware Config
Targets
-
-
Target
f1bbed3ed88c7b43de6e31aefecc50bc_JaffaCakes118
-
Size
178KB
-
MD5
f1bbed3ed88c7b43de6e31aefecc50bc
-
SHA1
81f648025e25a4fb54b3b7786317265a288e5025
-
SHA256
a846d606b6249ed7106979c61dc7a5fc2d266f2a4b20d6642e2d5416d163acd3
-
SHA512
61963cf07090e0e3586bb55b25c2e203713bed3248e7a26733f3a1e25cd968ed004b0a1af3cad0ba6fe631a0327037728f4e1c99a85389e54ebd5271483ca906
-
SSDEEP
3072:NhRfk4FJAM0T5aD/a86ON+h8RiNDVHjTxAiu3sbhQL4/br/FVG94aI8khB:NhRsKAMm5aD/agRqxDUiQkfNVGnkhB
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
UAC bypass
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
2