General
- Target: 3f7f13d742100d98c834b5c848a902f4_JaffaCakes118
- Size: 466KB
- Sample: 240513-pqpr8sfc77
- MD5: 3f7f13d742100d98c834b5c848a902f4
- SHA1: 2038d1379681d933f22db441d6aa0124de2fc046
- SHA256: 049d05dfc55c4ba63ea1aa279e825fb214e20b9f7948501aebd6438311f0e08c
- SHA512: b4dcfaf0ade1d4ad03075aab0e389980b0219844f9a5d30666e21ce5c9df8988dffa51dd8f56519761d8bddde65ba1a232f686637ede308101c8c461e78bd4cc
- SSDEEP: 12288:qhVx7mlhyZhowU+HXn30CLD6b0wWCQPLBAK2:qhbmEowU+3n30pbVQP1R2
- Static task: static1
- Behavioral task: behavioral1 (Sample: 3f7f13d742100d98c834b5c848a902f4_JaffaCakes118.exe, Resource: win7-20240508-en)
- Behavioral task: behavioral2 (Sample: 3f7f13d742100d98c834b5c848a902f4_JaffaCakes118.exe, Resource: win10v2004-20240508-en)
Malware Config
Targets
- Score: 10/10
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
- Looks for VirtualBox Guest Additions in registry
- ModiLoader Second Stage
- Adds policy Run key to start application
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.