General

Target: a2d644ddb0613f3d21212cb030723f67_JaffaCakes118
Size: 563KB
Sample: 240612-2134tsthnh
MD5: a2d644ddb0613f3d21212cb030723f67
SHA1: c4b339b3a57b329c089c668809e95f962e6d2f25
SHA256: 50febf6c214953234753525e48313014170b4222e42140d1d4373e3458989e65
SHA512: 6a417934117950fa26d6183259cb0a84f4e471fc46420b0fdd0e94cd74786277714e53aca8e15855546088e9857740ad34df5a30950a4eab8b2c1732f4e34660
SSDEEP: 12288:DF8YkIibLrzW006prpb5Vog+/GTq2BZLI+Hqb5N9:6+Wrzx0WHWgcqzvLu9
Static task: static1

Behavioral task: behavioral1
Sample: a2d644ddb0613f3d21212cb030723f67_JaffaCakes118.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: a2d644ddb0613f3d21212cb030723f67_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Score: 10/10

Signatures:
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Checks for common network interception software: Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
- Looks for VirtualBox Guest Additions in registry
- ModiLoader Second Stage
- Adds policy Run key to start application
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Adds Run key to start application
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.