General
- Target: 1c101db2daf76a3fd49172ed7855abfe_JaffaCakes118
- Size: 562KB
- Sample: 240506-mjsjfaha9t
- MD5: 1c101db2daf76a3fd49172ed7855abfe
- SHA1: fdcb04aeef75df5b7c5635054654292d893e4dd9
- SHA256: 1dd0bf89c416a276deb5bba33d65a8a0c5a5653e4f9d3178d6745313b1416f81
- SHA512: 3ead35c9dba09e421359f4eed7cbf92b0e7f46920f88fb5e62be13051476efaf3ca722786c960c2095b9813268eefdce3196e8b8ce15f21c81a887738fb6f1f9
- SSDEEP: 12288:nxibnc/66oWkCd5JGtsu8e4DTUqwJSGDnzQcle4ySC7swBOZxQ:x6i6jl45JWsuN4HwQ8byF73OZW
Static task: static1
Behavioral task: behavioral1
- Sample: 1c101db2daf76a3fd49172ed7855abfe_JaffaCakes118.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 1c101db2daf76a3fd49172ed7855abfe_JaffaCakes118.exe
- Resource: win10v2004-20240226-en
Malware Config
Targets
- Target: 1c101db2daf76a3fd49172ed7855abfe_JaffaCakes118
Score: 10/10
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
- Looks for VirtualBox Guest Additions in registry
- ModiLoader Second Stage
- Adds policy Run key to start application
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.