General
- Target: d40827b3d8da9d229f8a8bf6720b4b8c_JaffaCakes118
- Size: 1.2MB
- Sample: 240908-lct81szfpa
- MD5: d40827b3d8da9d229f8a8bf6720b4b8c
- SHA1: ad0e644b8bc6d4c7061cebe57ef3d08d9106f147
- SHA256: 488f84503d541a2927788d2dfc29589bbded242156378bae0e73164d52188144
- SHA512: 8addad0d51ff9078fd19e101af1af3f42a9b768201ea471deecf045253260928c747311da10ff73287353a3eddbbdcc7e93b9c7e2dd4d6e79abbcf9650a5310e
- SSDEEP: 24576:RSeVNKRwTpJvHRs1Ml9nyeAoU2qil905FAyDqmsBc/XIMhXrndt7TOUMvCwlt:7NKSTpdxh+JE2l7ndtwl
Behavioral task: behavioral1
- Sample: d40827b3d8da9d229f8a8bf6720b4b8c_JaffaCakes118.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: d40827b3d8da9d229f8a8bf6720b4b8c_JaffaCakes118.exe
- Resource: win10v2004-20240802-en
Malware Config
Targets
- Target: d40827b3d8da9d229f8a8bf6720b4b8c_JaffaCakes118
- Size: 1.2MB
- MD5: d40827b3d8da9d229f8a8bf6720b4b8c
- SHA1: ad0e644b8bc6d4c7061cebe57ef3d08d9106f147
- SHA256: 488f84503d541a2927788d2dfc29589bbded242156378bae0e73164d52188144
- SHA512: 8addad0d51ff9078fd19e101af1af3f42a9b768201ea471deecf045253260928c747311da10ff73287353a3eddbbdcc7e93b9c7e2dd4d6e79abbcf9650a5310e
- SSDEEP: 24576:RSeVNKRwTpJvHRs1Ml9nyeAoU2qil905FAyDqmsBc/XIMhXrndt7TOUMvCwlt:7NKSTpdxh+JE2l7ndtwl
Score: 10/10
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- ModiLoader Second Stage
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.