General
- Target: 19e84aa79c4ce90238c06533b909f9d4_JaffaCakes118
- Size: 2.5MB
- Sample: 240628-nbywxswfkf
- MD5: 19e84aa79c4ce90238c06533b909f9d4
- SHA1: 4c1cfd8877fbc4df83ac224b89e418e7b4792b05
- SHA256: 0bc8f4eb01bdfd0d11d0ebd8deaed30e60908550be9c9668364b21b49c626256
- SHA512: 8b82ca108ce9aa63155e64db7299659c76db6d23266039e3d84acca7c4185834c75a2158283a109610c54306e77acc775e27ab2d8f76dcb14d7fe8173475ef9d
- SSDEEP: 49152:TusnT65I512yIni8ELgAUkkCXXkHss50Ye4AGSZhOwrMrC:TT6ugMLBUkXX+ss50YTcPHr+C
Static task: static1
Behavioral task: behavioral1
- Sample: 19e84aa79c4ce90238c06533b909f9d4_JaffaCakes118.exe
- Resource: win7-20240611-en
Malware Config
Targets
- 19e84aa79c4ce90238c06533b909f9d4_JaffaCakes118 (2.5MB; same file and hashes as listed under General)
Score: 10/10
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger (a common anti-debugging technique)