General
-
Target
15498158598632df42dd416de292d24e_JaffaCakes118
-
Size
1.1MB
-
Sample
241004-3cel1awfnf
-
MD5
15498158598632df42dd416de292d24e
-
SHA1
3c82c22b8910963da6aaed0a7f4449b222cd2dbc
-
SHA256
28a1e5b98c9b890026a9712ceabf90bc227750f5616d9d4b19f5c404d864db1f
-
SHA512
1303c1b586d60a0a55ece624f9eeef94c48f19a8f941f85d8f530fd7a538435586c40442e10531e5a99f1e31ee30ee39e58e0e03dc84f9ae115d6725c999741c
-
SSDEEP
24576:iYYKN5HuJM5g8Y1BpzS9ZX2Is/GTUsak+M2dnH3trXmp1bG2:iR+HDFYJS9AI0GwmWUp1L
Static task
static1
Behavioral task
behavioral1
Sample
TheWarz-Crack.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
TheWarz-Crack.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
njrat
0.6.4
TheWarz-Crack-1
103.22.181.199:1177
4ff3a911dbfff7e34d508efdb7eca614
-
reg_key
4ff3a911dbfff7e34d508efdb7eca614
-
splitter
|'|'|
Targets
-
-
Target
TheWarz-Crack.exe
-
Size
1.2MB
-
MD5
6b035800be70ccbedd9154a9ae57d03b
-
SHA1
c7de2eba384c891723b4a17753ee00129f5fe973
-
SHA256
e621a036413f70d0a00dbe48de5773dceea1429dc1864aebe90cb277583690de
-
SHA512
1b41dc9bf8c040ca33d26da8986f346ff6be02bf2197b78c96b2c6dbb45ba19bf4b31d8eeb4e715c78507b78ea6d2b05d039fb28e11ec8750fc5080a42c318d7
-
SSDEEP
24576:yzjh/FIFRPOUS01XpN4wEpv7I+CqSfhvuwGHEqPb2LxBxf3y:CKFNSEpN4NpvcAyBudHTCFq
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1