General

Target: 16f2bfd12ecc59c08c846c7a91179688_JaffaCakes118
Size: 357KB
Sample: 240505-k18wmsgd49
MD5: 16f2bfd12ecc59c08c846c7a91179688
SHA1: ac74f2287c0bfe874a210570322452929b765f5e
SHA256: 22515694f5e8a26dabe3a2c78c91b20868877b50f2e11779e15a946ff0e9a239
SHA512: 6d445e1454aeedb55a8f98176abc078c7878de8738eb5cb00b5bc388bb4921eb678bcd3e109ebe59c72732fa17dbd7f2064afd500067bbbe1520ec581f66bbd2
SSDEEP: 6144:SyN8f1pUqmWqpYTHpIb93Oh68L6xywQ1blRjXS7ytx2Uvs:h6f1pUqmIHpyG6TitS0xS
Static task: static1

Behavioral task: behavioral1
Sample: 16f2bfd12ecc59c08c846c7a91179688_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 16f2bfd12ecc59c08c846c7a91179688_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config

Targets

Target: 16f2bfd12ecc59c08c846c7a91179688_JaffaCakes118
Size: 357KB
MD5: 16f2bfd12ecc59c08c846c7a91179688
SHA1: ac74f2287c0bfe874a210570322452929b765f5e
SHA256: 22515694f5e8a26dabe3a2c78c91b20868877b50f2e11779e15a946ff0e9a239
SHA512: 6d445e1454aeedb55a8f98176abc078c7878de8738eb5cb00b5bc388bb4921eb678bcd3e109ebe59c72732fa17dbd7f2064afd500067bbbe1520ec581f66bbd2
SSDEEP: 6144:SyN8f1pUqmWqpYTHpIb93Oh68L6xywQ1blRjXS7ytx2Uvs:h6f1pUqmIHpyG6TitS0xS
Score: 10/10
ModiLoader, DBatLoader
ModiLoader (also tracked as DBatLoader) is a Delphi-written loader that abuses legitimate cloud file-hosting services to download and stage other malware families.

Checks for common network interception software
Looks in the registry for tools such as Wireshark or Fiddler that are commonly used to analyze network activity; finding them suggests the sample is being inspected.

Looks for VirtualBox Guest Additions in registry
The presence of the VirtualBox guest tooling indicates the sample is running inside a virtual machine, a common sandbox indicator.

ModiLoader Second Stage

Adds policy Run key to start application
Persistence via the Policies\Explorer\Run autostart key, which is processed at logon like the standard Run key but is less commonly inspected.

Looks for VMWare Tools registry key
As with VirtualBox Guest Additions, the VMware Tools key is read to detect execution inside a virtual machine.

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments, since virtual machines expose vendor-specific BIOS strings.

Deletes itself

Adds Run key to start application
Persistence via the standard Software\Microsoft\Windows\CurrentVersion\Run autostart key.

Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments, since sandboxes typically expose a single small virtual disk.
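The script below is an added example, not part of this report and not the sandbox's own signature engine. It shows how the registry-based signatures listed above (VM tooling, BIOS and disk checks, interception-tool checks, Run and policy Run persistence) can be matched against sandbox registry events. The key paths are assumptions about what each signature name refers to (well-known install and autostart locations), the event-line format is assumed to be "<operation> <full key path>", and the event lines are constructed for illustration rather than taken from this sample's run.

```python
"""Match sandbox registry events against the anti-analysis and persistence
signatures listed in the report above.

Added example, not part of the sandbox report. Key paths are assumptions
about what each signature name refers to; SAMPLE_EVENTS is constructed.
"""
import re
from collections import defaultdict

# Signature name -> (operations that count, regex over the normalised key path).
# Paths are assumed well-known locations, not paths recorded for this sample.
SIGNATURES = {
    "Checks for common network interception software": (
        {"open", "query"},
        re.compile(r"\\software\\(wireshark|microsoft\\fiddler2)(\\|$)"),
    ),
    "Looks for VirtualBox Guest Additions in registry": (
        {"open", "query"},
        re.compile(r"\\software\\oracle\\virtualbox guest additions(\\|$)"),
    ),
    "Looks for VMWare Tools registry key": (
        {"open", "query"},
        re.compile(r"\\software\\vmware, inc\.\\vmware tools(\\|$)"),
    ),
    "Checks BIOS information in registry": (
        {"open", "query"},
        re.compile(r"\\hardware\\description\\system\\bios(\\|$)"),
    ),
    "Maps connected drives based on registry": (
        {"open", "query"},
        re.compile(r"\\system\\(mounteddevices|currentcontrolset\\services\\disk\\enum)(\\|$)"),
    ),
    "Adds Run key to start application": (
        {"set"},
        re.compile(r"\\software\\microsoft\\windows\\currentversion\\run\\[^\\]+$"),
    ),
    "Adds policy Run key to start application": (
        {"set"},
        re.compile(r"\\software\\microsoft\\windows\\currentversion\\policies\\explorer\\run\\[^\\]+$"),
    ),
}

# Which signatures are evasion checks and which are persistence, for the summary.
CATEGORY = {name: ("persistence" if "Run key" in name else "anti-analysis") for name in SIGNATURES}

_HIVES = {"hkey_local_machine": "hklm", "hkey_current_user": "hkcu"}


def _verb(op):
    """Collapse API-style operation names (RegOpenKey, RegSetValue, ...) to a verb."""
    op = op.lower()
    for verb in ("open", "create", "query", "enum", "set", "delete"):
        if verb in op:
            return {"create": "open", "enum": "query"}.get(verb, verb)
    return "other"


def normalise_path(path):
    """Lower-case, shorten hive names and drop WOW64 redirection so one regex per signature suffices."""
    p = path.strip().strip('"').lower()
    for long, short in _HIVES.items():
        if p == long or p.startswith(long + "\\"):
            p = short + p[len(long):]
            break
    return p.replace("\\wow6432node", "")


def classify_events(events):
    """Return {signature_name: [matching event lines]} for every signature that fired."""
    hits = defaultdict(list)
    for line in events:
        parts = line.strip().split(None, 1)
        if len(parts) != 2:
            continue  # not an "<op> <path>" line; skip rather than guess
        verb, path = _verb(parts[0]), normalise_path(parts[1])
        for name, (verbs, pattern) in SIGNATURES.items():
            if verb in verbs and pattern.search(path):
                hits[name].append(line)
    return dict(hits)


def summarise(events):
    """Group fired signatures by category so evasion and persistence are visible at a glance."""
    grouped = defaultdict(list)
    for name in classify_events(events):
        grouped[CATEGORY[name]].append(name)
    return {cat: sorted(names) for cat, names in grouped.items()}


# Constructed registry events in the assumed "<op> <path>" format; not from this sample.
SAMPLE_EVENTS = [
    r"RegOpenKey HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Tools",
    r"RegOpenKey HKEY_LOCAL_MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions",
    r"RegQueryValue HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer",
    r"RegOpenKey HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Wireshark",
    r"RegOpenKey HKEY_CURRENT_USER\Software\Microsoft\Fiddler2",
    r"RegQueryValue HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Disk\Enum\0",
    r"RegSetValue HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
    r"RegSetValue HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Updater",
    r"RegQueryValue HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName",
]

if __name__ == "__main__":
    for category, names in summarise(SAMPLE_EVENTS).items():
        print(category, "->", ", ".join(names))
```

A single VM-tooling lookup is weak evidence on its own; the combination of several evasion checks with a policy Run key write, as in this report, is what makes the verdict convincing. Treat the key paths as a starting list and extend them with whatever your sandbox's registry event format actually records.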