General
-
Target
d029eb44e6eca32223f4659a5fcc15d0_JaffaCakes118
-
Size
1.1MB
-
Sample
241207-ckezmawkgl
-
MD5
d029eb44e6eca32223f4659a5fcc15d0
-
SHA1
f098fc7138a88b07c5063e86507db8c2c891703d
-
SHA256
3db501af21fb74a96168a82036add26c137c0d3951e1e02078ef49285c8faa77
-
SHA512
191bc4e166780bd19dbb7cddfab5a84ba5f4c9feab2885b8d92500dd6cc637d41a688db107c71d05cbe82c18ffb4e2113c55b58642d7c15ef91afd5331e214ff
-
SSDEEP
24576:qOwPit8f/ust6uHU9QBz4cbvsJ72Zu5vhNUp741cv/HA:qN6Mfh4PJYuhUpmcng
Malware Config
Targets
-
-
Target
d029eb44e6eca32223f4659a5fcc15d0_JaffaCakes118
-
Size
1.1MB
-
MD5
d029eb44e6eca32223f4659a5fcc15d0
-
SHA1
f098fc7138a88b07c5063e86507db8c2c891703d
-
SHA256
3db501af21fb74a96168a82036add26c137c0d3951e1e02078ef49285c8faa77
-
SHA512
191bc4e166780bd19dbb7cddfab5a84ba5f4c9feab2885b8d92500dd6cc637d41a688db107c71d05cbe82c18ffb4e2113c55b58642d7c15ef91afd5331e214ff
-
SSDEEP
24576:qOwPit8f/ust6uHU9QBz4cbvsJ72Zu5vhNUp741cv/HA:qN6Mfh4PJYuhUpmcng
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
UAC bypass
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3Virtualization/Sandbox Evasion
1