General
-
Target
f49282e3ffdb0d0581242ddfc346fb1d_JaffaCakes118
-
Size
1.7MB
-
Sample
240924-1q9m7a1alc
-
MD5
f49282e3ffdb0d0581242ddfc346fb1d
-
SHA1
54e9a72155c4ddb7deaa4c3b5ccef748412f6c6e
-
SHA256
c949395ec7cd12997419982a342b789756f389419e81880df7360ae41db1eb81
-
SHA512
6a6d315664829c6cfe20089e0d05a96e0eb20038e6f87f9b2d6087b003f42bf4450bffe5b1030898943e40285624fb9e79183a88533314230c286d1dd4bfb5c0
-
SSDEEP
49152:NyASZB9X1Lkdt6I1rOnotEVUc0+Mw4gCR:EB9XKdEIjEicX4g
Malware Config
Targets
-
-
Target
f49282e3ffdb0d0581242ddfc346fb1d_JaffaCakes118
-
Size
1.7MB
-
MD5
f49282e3ffdb0d0581242ddfc346fb1d
-
SHA1
54e9a72155c4ddb7deaa4c3b5ccef748412f6c6e
-
SHA256
c949395ec7cd12997419982a342b789756f389419e81880df7360ae41db1eb81
-
SHA512
6a6d315664829c6cfe20089e0d05a96e0eb20038e6f87f9b2d6087b003f42bf4450bffe5b1030898943e40285624fb9e79183a88533314230c286d1dd4bfb5c0
-
SSDEEP
49152:NyASZB9X1Lkdt6I1rOnotEVUc0+Mw4gCR:EB9XKdEIjEicX4g
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
UAC bypass
-
ModiLoader Second Stage
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3Virtualization/Sandbox Evasion
1