General
-
Target
16e3029222864030e68ddeca0687882d_JaffaCakes118
-
Size
549KB
-
Sample
240505-kpwryafh95
-
MD5
16e3029222864030e68ddeca0687882d
-
SHA1
f42c97e4054763a8520aaa7318596d5955251294
-
SHA256
e2862099ecb4e6a3e51f07e1d1811cf8dd4903c33f9bd3be86587fb52ba01766
-
SHA512
be22223452269ef0d4228146c4df7d7d4f285294c2af927359c7f2e8164629c69ee15fef77bed2f143f6d521bc64d72b9f3abe9c83911c1c6c2807086cfd08ca
-
SSDEEP
12288:/ZTDd4t/u28bEFGWtdOKbBEP68A2TiiIk1c9La:/H4Vu4xL2Pa2mZk1Wa
Static task
static1
Behavioral task
behavioral1
Sample
16e3029222864030e68ddeca0687882d_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
16e3029222864030e68ddeca0687882d_JaffaCakes118.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
-
-
Target
16e3029222864030e68ddeca0687882d_JaffaCakes118
-
Size
549KB
-
MD5
16e3029222864030e68ddeca0687882d
-
SHA1
f42c97e4054763a8520aaa7318596d5955251294
-
SHA256
e2862099ecb4e6a3e51f07e1d1811cf8dd4903c33f9bd3be86587fb52ba01766
-
SHA512
be22223452269ef0d4228146c4df7d7d4f285294c2af927359c7f2e8164629c69ee15fef77bed2f143f6d521bc64d72b9f3abe9c83911c1c6c2807086cfd08ca
-
SSDEEP
12288:/ZTDd4t/u28bEFGWtdOKbBEP68A2TiiIk1c9La:/H4Vu4xL2Pa2mZk1Wa
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Checks for common network interception software
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
-
Looks for VirtualBox Guest Additions in registry
-
ModiLoader Second Stage
-
Adds policy Run key to start application
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-