General
-
Target
12eceb3b3abb632b1bb787e0df1b6a06_JaffaCakes118
-
Size
142KB
-
Sample
241004-mbs51asgkb
-
MD5
12eceb3b3abb632b1bb787e0df1b6a06
-
SHA1
43c97c76c6fcebdfbd57bec1eeaf16995b612701
-
SHA256
88bd42d25947769e78ce55cb66fd526a13cc7df391e26cc9d6994d94728df251
-
SHA512
664e67b6e749870abf3e12eac8393876aa6a660cd2a9022912b672a68dd20acc0bf7f530dca389c572865cc53c9764044a5817dd26bdfef4f8d44afe2ebff782
-
SSDEEP
3072:cVV1nFHw8jpvzUbOuiVTq0EIR/G+71mGDD5b+WzklfXn:cVLnFHJtv4P8Tq0DfmAVb8R
Static task
static1
Behavioral task
behavioral1
Sample
Curriculo_atualizado2012.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
Curriculo_atualizado2012.exe
-
Size
248KB
-
MD5
2a54920d335e41a025b6c40b8dac4335
-
SHA1
8926ef50825bf793a71bf26ffafcc51e37bc459d
-
SHA256
dd1b1a34a804227e8eb1bc5f7da0b74d84d2031b86744de1406a3750e31c857b
-
SHA512
428882f3ea330c1e62b557089ce90f67eedf9be565d3722b049f25fab613404f1c06fafa323ba9b955c238b04418d274b1202bf957a23a7fd36f357e329d48ca
-
SSDEEP
3072:6BtJ6tSCfxXmsBVXNzEp1hw9OZ09axIhS6FNjWLoZbn0Nku8MI+U:6Bt4XcIS1hfCcxIvFNjW8bn0N98z
-
Blocklisted process makes network request
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Defense Evasion
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Impair Defenses: 1
Disable or Modify Tools: 1
Modify Registry: 3