General
Target: 6822fe6411396358172e3b0675f18233_JaffaCakes118
Size: 477KB
Sample: 240522-wpedfabc31
MD5: 6822fe6411396358172e3b0675f18233
SHA1: 82af7f3f4cae07f2f2d3cb68307400995e023297
SHA256: c685f77ec783db7f4a61617c9dd6fc9dccee8ad7465471e048169c5604070e9c
SHA512: 9fd00095579de7ddd4ab2c0f9be4a4be0e48f9a66f9fe65d03e090e84911de509b850269a44254d944a50fa1de1e86244b0a5b7c93a069979c0ee71598ae9227
SSDEEP: 12288:jtca1qBsng2hJ+0v4ajM/InREpCh/XySbkeSbk6k9:X1MsJA/InR8DSgeSg6k9
Static task: static1
Behavioral task behavioral1: sample 6822fe6411396358172e3b0675f18233_JaffaCakes118.exe, resource win7-20231129-en
Behavioral task behavioral2: sample 6822fe6411396358172e3b0675f18233_JaffaCakes118.exe, resource win10v2004-20240426-en
Malware Config
Targets
Target: 6822fe6411396358172e3b0675f18233_JaffaCakes118
Score: 10/10
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Checks for common network interception software: looks in the registry for tools like Wireshark or Fiddler, commonly used to analyze network activity.
- Looks for VirtualBox Guest Additions in registry
- ModiLoader Second Stage
- Adds policy Run key to start application
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Adds Run key to start application
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.