General
- Target: 2b156327e9f147d0168a413b1afee42e_JaffaCakes118
- Size: 1.9MB
- Sample: 240708-fr7vrstelp
- MD5: 2b156327e9f147d0168a413b1afee42e
- SHA1: 05f46fc280bca259a67a169d79a9a840db33f71b
- SHA256: f28ffde3992306fe833b9e49ef3e62d4c34b5c07be086d1c3dc11f8cbc2f81b7
- SHA512: cda43e9f4ae384dc7d980df0b5abdd061526fc4f20e884cc65bdc1f12665653637a145e52915282b429b8a227ec085123540b69a950e98563e97e3762a1f09f4
- SSDEEP: 49152:8rEAtbu6RDIFyxdj/BFDk+8iXnTmAw0iIRDZQnMtQBreovSCv44jnZQ7:ubu6RDIsxdj/7DvnKZ0pDKMtQIBCA4Y
Static task: static1

Behavioral task: behavioral1
- Sample: 2b156327e9f147d0168a413b1afee42e_JaffaCakes118.exe
- Resource: win7-20240704-en

Behavioral task: behavioral2
- Sample: 2b156327e9f147d0168a413b1afee42e_JaffaCakes118.exe
- Resource: win10v2004-20240704-en
Malware Config

Targets
- Target: 2b156327e9f147d0168a413b1afee42e_JaffaCakes118
- Size: 1.9MB
- MD5: 2b156327e9f147d0168a413b1afee42e
- SHA1: 05f46fc280bca259a67a169d79a9a840db33f71b
- SHA256: f28ffde3992306fe833b9e49ef3e62d4c34b5c07be086d1c3dc11f8cbc2f81b7
- SHA512: cda43e9f4ae384dc7d980df0b5abdd061526fc4f20e884cc65bdc1f12665653637a145e52915282b429b8a227ec085123540b69a950e98563e97e3762a1f09f4
- SSDEEP: 49152:8rEAtbu6RDIFyxdj/BFDk+8iXnTmAw0iIRDZQnMtQBreovSCv44jnZQ7:ubu6RDIsxdj/7DvnKZ0pDKMtQIBCA4Y
Score: 10/10

Signatures
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Deletes itself
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15

Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)

Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (3)
- Virtualization/Sandbox Evasion (1)