General
Target: 16e267f16cac5425459b459c3a17727e_JaffaCakes118
Size: 2.7MB
Sample: 240627-v5brtathpk
MD5: 16e267f16cac5425459b459c3a17727e
SHA1: 8c79668a8f66459c2747b4caa78f467609a734dc
SHA256: a832c300abac5bc23edff4345bdc72b99c6b5c24eff42a74191fd302475c6393
SHA512: 33564aa99e0f54d45167bc9ed91cba66a666b8478ab048b9910b24432ad91adb19ee3b41d6779f79a79687dea352624141bc5d52a04ecb6e1971690d2472ed4c
SSDEEP: 49152:BikK5chf/Nnut0Hs1V237lqbnroE8G5X9A0urnk3KVi9FaGMnhiw:UkKWV/RutP1cBSjZ9arnkaGQGEi
Static task: static1
Behavioral task: behavioral1
Sample: 16e267f16cac5425459b459c3a17727e_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Targets
Target: 16e267f16cac5425459b459c3a17727e_JaffaCakes118
Score: 10/10
ModiLoader, DBatLoader
ModiLoader (also tracked as DBatLoader) is a loader written in Delphi that abuses public cloud services to host and download the malware families it delivers.
ModiLoader Second Stage
Checks BIOS information in registry
BIOS information (typically the vendor and product strings under HKLM\HARDWARE\DESCRIPTION\System\BIOS) is often read to recognise hypervisors and other sandboxing environments.
Identifies Wine through registry keys
Wine is a compatibility layer that runs Windows applications on other operating systems and is used by some sandboxes; its registry keys (such as HKCU\Software\Wine) reveal it to a process that looks for them.
Suspicious use of NtSetInformationThreadHideFromDebugger
Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the thread from reporting debug events to an attached debugger, a common anti-debugging technique.
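The three environment checks flagged above (BIOS registry read, Wine key lookup, ThreadHideFromDebugger) are the kind of signatures a triage analyst reproduces from a sandbox's API trace. The script below is an added example and is not code from this report or from the sandbox vendor: it parses a constructed call trace (the line format and every line in SAMPLE_TRACE are made up for illustration) and maps calls to the signature names used on this page. The BIOS key, Wine keys and the 0x11 information class are standard Windows values; the extra "hypervisor string" check is this example's own addition.

```python
"""Replay anti-analysis signatures over a constructed sandbox API trace.

Added example: the trace format and SAMPLE_TRACE lines are constructed for
illustration and are not taken from the analysed sample's actual run.
"""

import re
from dataclasses import dataclass
from typing import Optional

# Registry paths commonly read to fingerprint hypervisors and Wine.
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System\BIOS"
WINE_KEYS = (r"HKCU\Software\Wine", r"HKLM\Software\Wine")

# Substrings that identify common hypervisors in SMBIOS/BIOS strings.
VM_MARKERS = ("vmware", "virtualbox", "vbox", "innotek", "qemu", "bochs", "xen", "parallels")

# THREADINFOCLASS ThreadHideFromDebugger: the thread stops delivering debug
# events to an attached debugger once this is set.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Assumed trace line format for this example: "<api> <args> [-> <result>]".
LINE_RE = re.compile(r"^(?P<api>\w+)\s+(?P<args>.*?)(?:\s*->\s*(?P<result>.*))?$")


@dataclass
class Call:
    api: str
    args: str          # for registry APIs in this format, args is the key path
    result: Optional[str]


def parse_trace(text: str) -> list[Call]:
    """Turn trace lines into Call records; blank lines and '#' comments are skipped."""
    calls = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if m:
            result = m["result"].strip().strip('"') if m["result"] else None
            calls.append(Call(m["api"], m["args"].strip(), result))
    return calls


def _under(path: str, key: str) -> bool:
    """True when path is the key itself or a value/subkey beneath it (case-insensitive)."""
    p, k = path.lower(), key.lower()
    return p == k or p.startswith(k + "\\")


def evaluate(calls: list[Call]) -> dict[str, list[str]]:
    """Map each signature name to the trace evidence that triggered it."""
    hits: dict[str, list[str]] = {
        "Checks BIOS information in registry": [],
        "Identifies Wine through registry keys": [],
        "Suspicious use of NtSetInformationThreadHideFromDebugger": [],
        "BIOS value exposes hypervisor string": [],  # this example's extra check
    }
    for c in calls:
        if c.api.startswith(("Reg", "NtOpenKey", "NtQueryValueKey")):
            if _under(c.args, BIOS_KEY):
                hits["Checks BIOS information in registry"].append(f"{c.api} {c.args}")
                # A VM vendor string in the returned value means the sandbox was detectable.
                if c.result and any(mk in c.result.lower() for mk in VM_MARKERS):
                    hits["BIOS value exposes hypervisor string"].append(c.result)
            if any(_under(c.args, k) for k in WINE_KEYS):
                # The lookup itself is the tell, whether or not the key exists.
                hits["Identifies Wine through registry keys"].append(f"{c.api} {c.args}")
        elif c.api == "NtSetInformationThread":
            m = re.search(r"InfoClass=(0x[0-9a-fA-F]+|\d+)", c.args)
            if m and int(m.group(1), 0) == THREAD_HIDE_FROM_DEBUGGER:
                hits["Suspicious use of NtSetInformationThreadHideFromDebugger"].append(c.args)
    return {name: ev for name, ev in hits.items() if ev}


# Constructed trace (not from this report) for a loader that fingerprints the host.
SAMPLE_TRACE = r"""
RegOpenKeyExW HKLM\HARDWARE\DESCRIPTION\System\BIOS
RegQueryValueExW HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer -> "VMware, Inc."
RegQueryValueExW HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName -> "VMware Virtual Platform"
RegOpenKeyExW HKCU\Software\Wine -> ERROR_FILE_NOT_FOUND
NtSetInformationThread ThreadHandle=0xfffffffe InfoClass=0x11 Length=0
RegOpenKeyExW HKCU\Software\Microsoft\Windows\CurrentVersion\Run
"""

if __name__ == "__main__":
    for name, evidence in evaluate(parse_trace(SAMPLE_TRACE)).items():
        print(f"[{name}]")
        for e in evidence:
            print(f"    {e}")
```

A hit on any of the three report signatures means the sample inspects its environment before committing to its payload, so a run that ends early should be repeated with hypervisor strings and Wine artifacts hidden; the "hypervisor string" check tells you when the sandbox actually leaked such a value.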