General
-
Target
1acbd0727623b1713a14cba22676c613_JaffaCakes118
-
Size
2.6MB
-
Sample
240701-llpd5axekj
-
MD5
1acbd0727623b1713a14cba22676c613
-
SHA1
dfbbb678adf42d3dadf4fce43361a772b0cd12c1
-
SHA256
0bcc7c03a38a9d13d409d2f5cfce0768fccdd9478b5c1f8bb3734df7992c288f
-
SHA512
c6acc9fdcceda6d456c82694259639628bd8fbb802c9a13d19ae1aeab0c576a956006af8bd3457c5f0aa38b6481ee908b80847f17a8ef1f3a6be9e52883d94c0
-
SSDEEP
49152:+d0UNKnSokqAXvBjpVf+kpuBt+PwLcvrdR/qFxsQ851MWyYCP9hCM+w:+d0UNK/kqUBVgfgPwLGpwFxs35eWyZ+
Malware Config
Targets
-
-
Target
1acbd0727623b1713a14cba22676c613_JaffaCakes118
-
Size
2.6MB
-
MD5
1acbd0727623b1713a14cba22676c613
-
SHA1
dfbbb678adf42d3dadf4fce43361a772b0cd12c1
-
SHA256
0bcc7c03a38a9d13d409d2f5cfce0768fccdd9478b5c1f8bb3734df7992c288f
-
SHA512
c6acc9fdcceda6d456c82694259639628bd8fbb802c9a13d19ae1aeab0c576a956006af8bd3457c5f0aa38b6481ee908b80847f17a8ef1f3a6be9e52883d94c0
-
SSDEEP
49152:+d0UNKnSokqAXvBjpVf+kpuBt+PwLcvrdR/qFxsQ851MWyYCP9hCM+w:+d0UNK/kqUBVgfgPwLGpwFxs35eWyZ+
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-