General
-
Target
f0e964545fb9be3164d2e809cfdda727_JaffaCakes118
-
Size
2.6MB
-
Sample
240922-angarasekn
-
MD5
f0e964545fb9be3164d2e809cfdda727
-
SHA1
d32a33ffed32269d0463ac319700ea43120bca95
-
SHA256
828db9ff37cd310b366df075b0e9a56f1dfa2b37860323e67a38b6adc0c25e69
-
SHA512
ffb51f711a593f6169760358b9c22d81eb6fb4b0daa9d5c0f62ab94ae90c98ddf8cb7ec1eebd1efa283accb6a0c0b05f32e9dda77a293e0d798ca7f8c01f9208
-
SSDEEP
49152:1i1453jShuUAmXchLvsuT881XwpzczXZEIqZS7/cs64EsP9+93B5f:1e453jEL40KgBaXZEbS7Ux4EC+vV
Malware Config
Targets
-
-
Target
f0e964545fb9be3164d2e809cfdda727_JaffaCakes118
-
Size
2.6MB
-
MD5
f0e964545fb9be3164d2e809cfdda727
-
SHA1
d32a33ffed32269d0463ac319700ea43120bca95
-
SHA256
828db9ff37cd310b366df075b0e9a56f1dfa2b37860323e67a38b6adc0c25e69
-
SHA512
ffb51f711a593f6169760358b9c22d81eb6fb4b0daa9d5c0f62ab94ae90c98ddf8cb7ec1eebd1efa283accb6a0c0b05f32e9dda77a293e0d798ca7f8c01f9208
-
SSDEEP
49152:1i1453jShuUAmXchLvsuT881XwpzczXZEIqZS7/cs64EsP9+93B5f:1e453jEL40KgBaXZEbS7Ux4EC+vV
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-