General
- Target: 5ae3cafa3421ea2fb73b1648e20e5597_JaffaCakes118
- Size: 785KB
- Sample: 240719-hpwe3axfqj
- MD5: 5ae3cafa3421ea2fb73b1648e20e5597
- SHA1: 65e7f9b3e7456b9f525eb99d6b23a4713c27f22d
- SHA256: 350b3401252bc6dda2c95606516ea43bdf08a54513e5cec21e55ded632e8b73b
- SHA512: 003b5a7305b8311fe81305d057a255f7b3cc6caee29adf5bf0beeaed1114a4d1ad373b1bdb8b581369768a97e0114b5e8a5c8b7f4705c8f8dcee7b7f66be5281
- SSDEEP: 12288:u8/iRtoxzCImiq4LSnziWHs5RFmO6lQOzEme4yV7rjmlXWAK5gWyMwYncq3g93i:uSC2xzCeSqrzgTz2vVPjml5n8ND3g9y
Behavioral task
- behavioral1
  - Sample: 5ae3cafa3421ea2fb73b1648e20e5597_JaffaCakes118.exe
  - Resource: win7-20240708-en
Malware Config
Targets
- Target: 5ae3cafa3421ea2fb73b1648e20e5597_JaffaCakes118 (size and hashes as listed under General)
Score: 10/10
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
- Privilege Escalation
  - Abuse Elevation Control Mechanism (1)
    - Bypass User Account Control (1)
- Defense Evasion
  - Abuse Elevation Control Mechanism (1)
    - Bypass User Account Control (1)
  - Impair Defenses (1)
    - Disable or Modify Tools (1)
  - Modify Registry (2)
  - Virtualization/Sandbox Evasion (1)