General
-
Target
e58e2d2d2fab88e1b2f8c88aca3118b9_JaffaCakes118
-
Size
1.0MB
-
Sample
240916-zqf57syhml
-
MD5
e58e2d2d2fab88e1b2f8c88aca3118b9
-
SHA1
ae561eff64f535794c266a70c8506bb10d430bbd
-
SHA256
15ec190cd1510696b56bc112c84902c862f052d35d5eff70c9c6dec9ce99816e
-
SHA512
c072a53c3946af6a126c87c907f790e6721617cd2830d55b77efbe944b10c3e3545c523d0bfaa8981a65058cf9272160a7920c587c3d3b987bd597f3cb9382aa
-
SSDEEP
24576:Y3V7WvUvQp3+cNa+UyVD/YuB3l9+Du3FtAdhNDQjTj/:27DvQpNaHDu/Wu1tAdhNDQjTT
Malware Config
Targets
-
-
Target
e58e2d2d2fab88e1b2f8c88aca3118b9_JaffaCakes118
-
Size
1.0MB
-
MD5
e58e2d2d2fab88e1b2f8c88aca3118b9
-
SHA1
ae561eff64f535794c266a70c8506bb10d430bbd
-
SHA256
15ec190cd1510696b56bc112c84902c862f052d35d5eff70c9c6dec9ce99816e
-
SHA512
c072a53c3946af6a126c87c907f790e6721617cd2830d55b77efbe944b10c3e3545c523d0bfaa8981a65058cf9272160a7920c587c3d3b987bd597f3cb9382aa
-
SSDEEP
24576:Y3V7WvUvQp3+cNa+UyVD/YuB3l9+Du3FtAdhNDQjTj/:27DvQpNaHDu/Wu1tAdhNDQjTT
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
UAC bypass
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3Virtualization/Sandbox Evasion
1