General

Target: b3315f1bc055b4f007fad4504586b854_JaffaCakes118
Size: 758KB
Sample: 241129-x5w4vswrgq
MD5: b3315f1bc055b4f007fad4504586b854
SHA1: 54d6761cc45d5762235ba181f69c5d5d65fbcb7f
SHA256: c153b8d720febb83961d8107e89a9bca44a6e0a034114bf0b35ef40b5e64a443
SHA512: eb22d9211e7a736485526deb54ada3ceaf3a5d980c483a598b5231d5bcb3153b352242b1334ef6e61e9e5301b3967fd33ab352abaeaf068a596f1be0c50b1fcd
SSDEEP: 12288:e5LiBcB7013Wy3sGb1qIwm3XszHSfsHOMoEbUlOA0aN7uuP0yA8rZH8DTAJY+Z:e5maY1mDU1D389OySN7sr1TSY+Z
Behavioral task

behavioral1
Sample: b3315f1bc055b4f007fad4504586b854_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config
Targets

- ModiLoader (also tracked as DBatLoader): ModiLoader is a Delphi-based loader that abuses cloud hosting services to download and run other malware families.
- Modiloader family
- ModiLoader Second Stage
- Deletes itself
- Executes dropped EXE
- Identifies Wine through registry keys: Wine is a compatibility layer that runs Windows applications on other operating systems and is used by some sandboxes, so a sample that finds Wine's registry keys can conclude it is being analysed rather than running on a victim machine.
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15

The number after each technique is the count of hits the report recorded under it.

Privilege Escalation
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
- Impair Defenses (T1562): 1
  - Disable or Modify Tools (T1562.001): 1
- Modify Registry (T1112): 3
- Virtualization/Sandbox Evasion (T1497): 1
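The signatures and the ATT&CK table above are what the sandbox reported. The script below is an added triage example, not code from the report or from the sandbox vendor: it replays an API-call trace of the sample, raises the same signature names (Wine registry probe, Run-key persistence, ThreadHideFromDebugger, execution of a file the sample wrote, self-deletion) and attaches the ATT&CK IDs where the report's table maps them. The "Api(arg, arg)" trace layout, the file paths, the dropped-file name `dropped.exe` and the Run value name `Updater` are assumptions constructed for this example, not observations from the sample.

```python
"""Added triage example: replay an API-call trace and raise the signatures
listed in the report, tagged with ATT&CK IDs where the report's table maps
them. Trace lines and their "Api(arg, arg)" layout are constructed here and
are not a real sandbox export format."""
import re

# Assumed on-disk location of the sample inside the analysis VM.
SAMPLE_PATH = (r"C:\Users\Admin\AppData\Local\Temp"
               r"\b3315f1bc055b4f007fad4504586b854_JaffaCakes118.exe")
DROPPED = r"C:\Users\Admin\AppData\Roaming\dropped.exe"  # hypothetical payload name

# Constructed trace: one call per line, first argument is the object path.
SAMPLE_TRACE = [
    r"RegOpenKeyExW(HKEY_CURRENT_USER\Software\Wine)",
    "NtSetInformationThread(ThreadInformationClass=0x11)",
    rf"CreateFileW({DROPPED}, GENERIC_WRITE)",
    rf"WriteFile({DROPPED}, 524288)",
    rf"RegSetValueExW(HKEY_CURRENT_USER\Software\Microsoft\Windows"
    rf"\CurrentVersion\Run\Updater, {DROPPED})",
    rf"CreateProcessW({DROPPED})",
    rf"DeleteFileW({SAMPLE_PATH})",
]

CALL = re.compile(r"^(?P<api>\w+)\((?P<args>.*)\)$")
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
WINE_KEY = re.compile(r"\\Software\\Wine(\\|$)", re.I)  # Wine keeps its config under Software\Wine
HIDE_FROM_DEBUGGER = "ThreadInformationClass=0x11"  # THREADINFOCLASS ThreadHideFromDebugger = 0x11


def parse_call(line):
    """Split 'Api(arg1, arg2)' into (api, [args]); commas inside paths are not handled."""
    m = CALL.match(line.strip())
    if not m:
        return None, []
    return m.group("api"), [a.strip() for a in m.group("args").split(",")]


def triage(trace, sample_path):
    """Return [(signature, attack_ids)] in first-seen order, one entry per signature."""
    hits = {}
    written = set()  # files this process wrote; executing one = 'Executes dropped EXE'
    for line in trace:
        api, args = parse_call(line)
        if api is None:
            continue
        target = args[0].lower() if args else ""
        if api.startswith(("RegOpenKey", "RegQueryValue")) and WINE_KEY.search(target):
            hits.setdefault("Identifies Wine through registry keys", ("T1497.001",))
        elif api.startswith("RegSetValue") and RUN_KEY.search(target):
            # Run-key persistence is also a registry modification, so both IDs apply.
            hits.setdefault("Adds Run key to start application", ("T1547.001", "T1112"))
        elif api == "NtSetInformationThread" and HIDE_FROM_DEBUGGER in args:
            # The report's ATT&CK table does not map this signature, so no ID is attached.
            hits.setdefault("Suspicious use of NtSetInformationThreadHideFromDebugger", ())
        elif api == "WriteFile" or (api.startswith("CreateFile") and "GENERIC_WRITE" in args):
            written.add(target)
        elif api.startswith("CreateProcess") and target in written:
            hits.setdefault("Executes dropped EXE", ())
        elif api.startswith("DeleteFile") and target == sample_path.lower():
            hits.setdefault("Deletes itself", ())
    return list(hits.items())


if __name__ == "__main__":
    for sig, ids in triage(SAMPLE_TRACE, SAMPLE_PATH):
        print(f"{sig}  {' '.join(ids) or '-'}")
```

The input has to be an API-level trace rather than Sysmon or Security log events: registry reads such as the Wine probe and the NtSetInformationThread call are not recorded by the Windows event log, only by a user-mode hook or a sandbox monitor. The "Executes dropped EXE" rule is stateful on purpose, so a process start is flagged only when the path was written earlier in the same trace.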