General
-
Target
f8d9fb872da8cff40d4d38c1a5f1b08c_JaffaCakes118
-
Size
1.9MB
-
Sample
240926-vsz9mssamb
-
MD5
f8d9fb872da8cff40d4d38c1a5f1b08c
-
SHA1
720bc8a0a147a2e96f0779b91c0cfaf7f307121f
-
SHA256
318756454e48159e09130351e0dfa1b4801bc84f1df8631b6708be907b1bf1ec
-
SHA512
b98105733eea6339717cfe436b0f991e05324c93ebccf7242b63a723135fd77211f0d1500f737d605e25cc671f5bb21d5ea51ec9d09362496a8c6902977354e6
-
SSDEEP
24576:GKlJWe2LFjK1PUe45VoAzkOOjJwq6adczifzUIJXYujAsio2f3kGtZ2iBa4V0tGX:GKlIdkcIpJIei3Vi3jOM90SeGU3
Malware Config
Targets
-
-
Target
f8d9fb872da8cff40d4d38c1a5f1b08c_JaffaCakes118
-
Size
1.9MB
-
MD5
f8d9fb872da8cff40d4d38c1a5f1b08c
-
SHA1
720bc8a0a147a2e96f0779b91c0cfaf7f307121f
-
SHA256
318756454e48159e09130351e0dfa1b4801bc84f1df8631b6708be907b1bf1ec
-
SHA512
b98105733eea6339717cfe436b0f991e05324c93ebccf7242b63a723135fd77211f0d1500f737d605e25cc671f5bb21d5ea51ec9d09362496a8c6902977354e6
-
SSDEEP
24576:GKlJWe2LFjK1PUe45VoAzkOOjJwq6adczifzUIJXYujAsio2f3kGtZ2iBa4V0tGX:GKlIdkcIpJIei3Vi3jOM90SeGU3
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
UAC bypass
-
ModiLoader Second Stage
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3Virtualization/Sandbox Evasion
1