General
- Target: bdf03ca4fb34c3a0a468dfda9ad9e785_JaffaCakes118
- Size: 836KB
- Sample: 240824-fnw9vsthre
- MD5: bdf03ca4fb34c3a0a468dfda9ad9e785
- SHA1: 77b79e6e4ef7059f145920ee7053b1a4c802b44e
- SHA256: 652404b681b90b5168513bfe141993b15139aa03cdd22a2f5a3d1e987e1497a6
- SHA512: 72b0b7983f170c1d424612326fb9048be9ae653c884c5b27cfd552b5e3295d4d58b543f3a0bab39edcb5ad5b67e5dba5fedaaf26c0d54962bdc81e5f0988a876
- SSDEEP: 24576:nQBPNV/QRoHyEm6YIh20N5nxcCGKYOClqsR7BZrDG2EDhHz:QjV/QeHRnhGpl71ryfT
Static task: static1
Behavioral task: behavioral1
- Sample: bdf03ca4fb34c3a0a468dfda9ad9e785_JaffaCakes118.exe
- Resource: win7-20240708-en
Malware Config
Targets
- Target: bdf03ca4fb34c3a0a468dfda9ad9e785_JaffaCakes118
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (2)
- Virtualization/Sandbox Evasion (1)