General
-
Target
d93af168e77a593d6c3876c068d0aa21_JaffaCakes118
-
Size
1.6MB
-
Sample
240910-3sraqssfmd
-
MD5
d93af168e77a593d6c3876c068d0aa21
-
SHA1
9fb2fb38d70d85efefc42479d09a69f1b0ea9656
-
SHA256
2b24343cdc0dbbb44ed501e3d39e418d5e6290ae56182d8e41493eb97f6eda95
-
SHA512
be6cb89574a817223785befee21507dc1fcf0fb1ef6eb2482228a8021fe7d84c409629740542938227014779df9b50445ba2c057f705b84a05441410c55b00dd
-
SSDEEP
24576:rugPLI21NbkTS4AEIjUdEi4cd80O+wk5JmyVdJUIZrE2gDpSfNXEo0kOD7b/E0gn:rPT1N2RFdAU5BWImrpSfNopLEhHVgYyC
Static task
static1
Behavioral task
behavioral1
Sample
d93af168e77a593d6c3876c068d0aa21_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Targets
-
Target
d93af168e77a593d6c3876c068d0aa21_JaffaCakes118
Score
10/10
-
ModiLoader, DBatLoader
ModiLoader (also tracked as DBatLoader) is a Delphi-based loader that abuses legitimate cloud and file-hosting services to download and run other malware families.
-
ModiLoader Second Stage
-
Identifies Wine through registry keys
Wine is a compatibility layer that runs Windows applications on other operating systems and is used by some analysis sandboxes; the sample looks for Wine-specific registry keys (such as HKCU\Software\Wine and HKLM\Software\Wine) to detect such an environment.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) detaches the calling thread from any attached debugger, so breakpoints and exceptions raised in that thread are no longer delivered to it.
-
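The two evasion signatures above (the Wine registry check and the hidden-thread anti-debug call) both leave string artifacts in the file that a static triage pass can pick up before the sample is ever run. The script below is an added example, not code from the sandbox or from the ModiLoader authors; it scans a raw file image for those indicator strings in both ANSI and UTF-16LE form (Delphi binaries use either), and maps any hits to ATT&CK techniques. The function names, the SAMPLE blob and the technique mapping are this example's own choices, and SAMPLE is a constructed stand-in rather than the reported file.

```python
"""Static triage heuristic for the two evasion signatures in this report.

Added example, not code from the sandbox or from the ModiLoader authors. It
scans a raw file image for the indicator strings that a Wine registry check and
a dynamically resolved NtSetInformationThread call usually leave behind. The
function and constant names are this example's own choices.
"""
import sys

# Registry path created by Wine and the kernel32 export that only Wine provides.
WINE_INDICATORS = [
    b"Software\\Wine",            # HKCU\Software\Wine / HKLM\Software\Wine
    b"wine_get_unix_file_name",   # exported by Wine's kernel32.dll, absent on real Windows
]

# A loader that hides a thread from the debugger has to name the native API to
# resolve it (GetProcAddress) unless it imports it directly; the string is the
# usual static trace. ThreadHideFromDebugger itself is only the constant 0x11.
ANTI_DEBUG_INDICATORS = [
    b"NtSetInformationThread",
]

# Category -> (patterns, ATT&CK technique label). The mapping is this example's.
CATEGORIES = {
    "wine_check": (WINE_INDICATORS, "T1497 Virtualization/Sandbox Evasion"),
    "hide_from_debugger": (ANTI_DEBUG_INDICATORS, "T1622 Debugger Evasion"),
}


def _needles(pattern: bytes):
    """Yield (encoding, bytes) for the ANSI and UTF-16LE forms of a pattern.

    Delphi binaries store string literals in either encoding depending on the
    compiler version, so both are checked; matching is ASCII-case-insensitive.
    """
    yield "ascii", pattern.lower()
    yield "utf16le", pattern.decode("ascii").encode("utf-16-le").lower()


def find_indicators(data: bytes) -> dict:
    """Return {category: [(pattern, encoding, offset), ...]} for every hit."""
    # bytes.lower() only touches ASCII letters, which is exactly what is wanted
    # for UTF-16LE text made of ASCII characters (the 0x00 high bytes are kept).
    haystack = data.lower()
    hits = {}
    for category, (patterns, _technique) in CATEGORIES.items():
        found = []
        for pattern in patterns:
            for encoding, needle in _needles(pattern):
                offset = haystack.find(needle)
                if offset != -1:
                    found.append((pattern.decode("ascii"), encoding, offset))
        hits[category] = found
    return hits


def attack_techniques(hits: dict) -> list:
    """Map every category with at least one hit to its ATT&CK technique label."""
    return [CATEGORIES[c][1] for c, found in hits.items() if found]


# Constructed stand-in for a file image: a fake DOS header followed by a UTF-16LE
# Wine registry path and an ANSI NtSetInformationThread string. Not the sample.
SAMPLE = (
    b"MZ" + b"\x00" * 62
    + "Software\\Wine".encode("utf-16-le")
    + b"\x00" * 8
    + b"NtSetInformationThread\x00"
    + b"\x00" * 16
)


if __name__ == "__main__":
    # Usage: python triage_evasion.py <file>   (falls back to SAMPLE without an argument)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    hits = find_indicators(data)
    for category, found in hits.items():
        for pattern, encoding, offset in found:
            print(f"{category}: {pattern!r} ({encoding}) at 0x{offset:x}")
    print("ATT&CK:", ", ".join(attack_techniques(hits)) or "none")
```

A hit on either category is a lead, not a verdict: legitimate software occasionally references NtSetInformationThread, and packed samples will hide these strings until unpacked, so the check is meant to prioritise files for the behavioral run, not replace it.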
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
  Bypass User Account Control (1)
-
Defense Evasion
Abuse Elevation Control Mechanism (1)
  Bypass User Account Control (1)
Impair Defenses (1)
  Disable or Modify Tools (1)
Modify Registry (2)
Virtualization/Sandbox Evasion (1)