General
Target: 19ba4fc80828abfc663c6863e163cd61_JaffaCakes118
Size: 2.6MB
Sample: 240628-l4ebwaweqr
MD5: 19ba4fc80828abfc663c6863e163cd61
SHA1: 14b3c1b70d6785b0719269a8eef534d5a2ca39e1
SHA256: 37862a6526c000abe82b5e067c6833a77a8aea9b1dd5d03d4a2d8efb5af9ff13
SHA512: 94f21d6a89bbb8ba747d12129fdca0efffc44c12be39f17156c122e708acb457897ffb800e2b8c5a2560d31baaa117e8a9fbf14a87c288289169abc9e110e101
SSDEEP: 49152:FQ1qqagrrMejELqBIlS1tHTPTR6N8RzlBR3cUuEecqnrPv:FQUGHjELNlLKfBtcXEecqjv
Static task: static1
Behavioral task: behavioral1
Sample: 19ba4fc80828abfc663c6863e163cd61_JaffaCakes118.exe
Resource: win7-20240220-en
Malware Config
Targets
Target: 19ba4fc80828abfc663c6863e163cd61_JaffaCakes118
Score: 10/10
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger