General
Target: 250b892c359976b28dff505fc7e821b6_JaffaCakes118
Size: 3.4MB
Sample: 240704-hv2t2azcmj
MD5: 250b892c359976b28dff505fc7e821b6
SHA1: bbe7c319d1a1a9c6d0686e3e8007fd99f7f2dea8
SHA256: 33de4c23bcf95c6cb76a28610c897bd57b2a3c3cd87dcc6244e704b7761c2415
SHA512: ed64a7f18a2d75444572b01508126ccc396c301e0ff6bb5576d86c9ce89ec32ec3700e55515ae0f57688f1317bb293431e07fc575aa1b89231196688715576a8
SSDEEP: 98304:30bUWxYqdwkLcHHLotY2gx7qpFp/xdt++NQku:30bzjALlGfBxz+EQF
Static task: static1
Behavioral task: behavioral1
  Sample: 250b892c359976b28dff505fc7e821b6_JaffaCakes118.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 250b892c359976b28dff505fc7e821b6_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
Malware Config
Targets
Target: 250b892c359976b28dff505fc7e821b6_JaffaCakes118
Size: 3.4MB
MD5 / SHA1 / SHA256 / SHA512 / SSDEEP: identical to the values listed under General above
Score: 10/10
- ModiLoader, DBatLoader
  ModiLoader (also tracked as DBatLoader) is a Delphi-written loader that abuses public cloud services to download payloads belonging to other malware families.
- ModiLoader Second Stage
- ACProtect 1.3x - 1.4x DLL software
  The file matches the signature of the ACProtect protector (versions 1.3x to 1.4x). Strings, imports and entry-point code seen in static analysis are unreliable until the sample is unpacked.
- Checks BIOS information in registry
  BIOS strings are commonly read from the registry to detect a sandbox or virtual machine (for example, hypervisor vendor names in the SystemBiosVersion and VideoBiosVersion values under HKLM\HARDWARE\DESCRIPTION\System).
- Checks computer location settings
  Looks up the country code configured in the registry, most likely as a geofence so the sample only runs (or refuses to run) in particular regions.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
  NtSetInformationThread is called with the ThreadHideFromDebugger information class, which stops the thread from delivering debug events to an attached debugger; a common anti-debugging technique.
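The two registry-based environment checks reported above (BIOS strings for VM detection, country code for geofencing) are simple enough to reproduce as a triage helper that tells you whether your own analysis machine would be fingerprinted the same way. The following is an added example, not code from the report or from the ModiLoader/DBatLoader sample. The registry paths, value names and VM marker strings are assumptions based on common VM-detection practice (the report does not name the exact values the sample reads), the GeoID constant 244 (United States) is used only as a hypothetical blocked region, and the two sample registry snapshots are constructed.

```python
"""Triage helper: evaluate the registry artifacts a sandbox-aware loader reads
(BIOS strings, configured country) against VM markers and a geofence.

Added example, not code from the report or from the sample.  Registry paths
and marker strings are assumptions; the blocked GeoID set is hypothetical.
"""
import sys

# Registry values frequently read to fingerprint a VM (assumed, not from the report).
BIOS_VALUES = (
    ("HKLM", r"HARDWARE\DESCRIPTION\System", "SystemBiosVersion"),
    ("HKLM", r"HARDWARE\DESCRIPTION\System", "VideoBiosVersion"),
    ("HKLM", r"HARDWARE\DESCRIPTION\System\BIOS", "SystemManufacturer"),
    ("HKLM", r"HARDWARE\DESCRIPTION\System\BIOS", "SystemProductName"),
)
# Substrings that give away a hypervisor or emulator when present in BIOS data.
VM_MARKERS = ("vbox", "virtualbox", "vmware", "qemu", "bochs", "xen",
              "innotek", "parallels", "hyper-v")

# Configured country as a Windows GeoID (HKCU\Control Panel\International\Geo\Nation).
GEO_VALUE = ("HKCU", r"Control Panel\International\Geo", "Nation")

# Hypothetical geofence: 244 (United States) is a placeholder so the check can
# be exercised offline; the report does not say which regions the sample avoids.
HYPOTHETICAL_BLOCKED_GEOIDS = frozenset({244})


def vm_markers(values):
    """Return (value_name, marker) pairs for each BIOS string containing a VM marker.

    `values` maps a value name to the data read from the registry; REG_MULTI_SZ
    values arrive as a list of strings and are joined before matching."""
    hits = []
    for name, data in values.items():
        parts = data if isinstance(data, (list, tuple)) else [data]
        text = " ".join(str(p) for p in parts).lower()
        for marker in VM_MARKERS:
            if marker in text:
                hits.append((name, marker))
                break  # one hit per value is enough
    return hits


def geofenced(nation, blocked=HYPOTHETICAL_BLOCKED_GEOIDS):
    """True when the configured GeoID is in the blocked set.

    Accepts the raw registry data (REG_SZ such as "244") or an int; anything
    unparsable is treated as not geofenced."""
    try:
        return int(nation) in blocked
    except (TypeError, ValueError):
        return False


def evaluate(bios_values, nation):
    """Summarise what a sandbox-aware sample would conclude from these artifacts."""
    hits = vm_markers(bios_values)
    return {"looks_like_vm": bool(hits), "vm_hits": hits, "geofenced": geofenced(nation)}


def read_live():
    """Read the real values on Windows via winreg; returns None on other platforms."""
    if sys.platform != "win32":
        return None
    import winreg
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    bios = {}
    for hive, path, name in BIOS_VALUES:
        try:
            with winreg.OpenKey(hives[hive], path) as key:
                bios[name] = winreg.QueryValueEx(key, name)[0]
        except OSError:
            continue  # value absent on this build; skip it
    nation = None
    hive, path, name = GEO_VALUE
    try:
        with winreg.OpenKey(hives[hive], path) as key:
            nation = winreg.QueryValueEx(key, name)[0]
    except OSError:
        pass
    return evaluate(bios, nation)


# Constructed snapshot standing in for a default VirtualBox guest.
SAMPLE_VBOX = {
    "SystemBiosVersion": ["VBOX   - 1", "innotek GmbH VirtualBox"],
    "VideoBiosVersion": "Oracle VM VirtualBox VBE Adapter",
    "SystemManufacturer": "innotek GmbH",
    "SystemProductName": "VirtualBox",
}
# Constructed snapshot for physical hardware with nothing incriminating.
SAMPLE_BARE_METAL = {
    "SystemBiosVersion": ["LENOVO - 1300", "N2HET58W (1.41 )"],
    "VideoBiosVersion": "Intel Video BIOS",
    "SystemManufacturer": "LENOVO",
    "SystemProductName": "20XW003BUS",
}

if __name__ == "__main__":
    print(evaluate(SAMPLE_VBOX, "244"))
    print(evaluate(SAMPLE_BARE_METAL, "94"))
    print(read_live())
```

Run it on an analysis VM: any entry in `vm_hits` is a value you should rewrite in the guest before detonating a sample with this signature set, and `geofenced` tells you whether the configured locale would make a geofenced loader exit early. The live read only happens on Windows; on other platforms the constructed snapshots still exercise the same logic.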