General
-
Target
JaffaCakes118_82769264acdda208929c9ca2dfcfa756
-
Size
316KB
-
Sample
250116-1dc4fszmfy
-
MD5
82769264acdda208929c9ca2dfcfa756
-
SHA1
1258576fb14376229c37b9bee584014757228405
-
SHA256
4baa31b982caf138fe41ad2549fe661103b3115a9834eb83d608713067f17e98
-
SHA512
632c1708a45614e4b17bbab08d504ccf3f3ecd10a32debb98ec916de63f2a49a7493f6dc560994cd0a004de50ef69e63557f5b37e7b0e8318c490f5448e26e91
-
SSDEEP
6144:b/0uoof1debxrOo4Ap3Ft7cacLOdrc4WgW76F3iaCp/C:bJj1debxrOO/gacLOdrctgK6Nup/C
Malware Config
Targets
-
-
Target
JaffaCakes118_82769264acdda208929c9ca2dfcfa756
-
Size
316KB
-
MD5
82769264acdda208929c9ca2dfcfa756
-
SHA1
1258576fb14376229c37b9bee584014757228405
-
SHA256
4baa31b982caf138fe41ad2549fe661103b3115a9834eb83d608713067f17e98
-
SHA512
632c1708a45614e4b17bbab08d504ccf3f3ecd10a32debb98ec916de63f2a49a7493f6dc560994cd0a004de50ef69e63557f5b37e7b0e8318c490f5448e26e91
-
SSDEEP
6144:b/0uoof1debxrOo4Ap3Ft7cacLOdrc4WgW76F3iaCp/C:bJj1debxrOO/gacLOdrctgK6Nup/C
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
UAC bypass
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3