General
Target: 25392a5ce7f40affefba9be7db7a5fe0_JaffaCakes118
Size: 2.6MB
Sample: 240704-j1xb6stglg
MD5: 25392a5ce7f40affefba9be7db7a5fe0
SHA1: b81ea515a834d4c7a549277f6f59b282d187a61c
SHA256: 590a30f9410ef7c6faa13fc8e82446adf4b3c2219f76b4a506c31f9f070a6b61
SHA512: 68573eb43ebe2867c56855ff5f4919bf8b2ee80423814b4a0e4aa0d1c910a141f9a6ce2a3b4cfa5c193327ac489a850c7c416b7af7c218ce308520dcb60fddf6
SSDEEP: 49152:dbVhjM3E50Dv/EplF+2YNtZXXFjAseTKA2PFbaKSgjDjOouPpR040a:NfiE5lpzRiXXBAseTKA2PZa5gjHqphZ
Static task: static1
Behavioral task: behavioral1
Sample: 25392a5ce7f40affefba9be7db7a5fe0_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Targets
Score: 10/10

- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger