General
Target: f36adf25c1587c984dd8c0faf357f6de_JaffaCakes118
Size: 2.7MB
Sample: 240924-mbwwwsthng
MD5: f36adf25c1587c984dd8c0faf357f6de
SHA1: 0e2129ffedbdaa13e5cf69aa1625bc1830e5d629
SHA256: 33d1c346f1d298210b00eb8ad3f2a70989b87fb13594cf40c0dbe11716fcb0fd
SHA512: 80ea212f0a71cc883413b8ede12a200a550ab06f38eb22074cbaca22a5c1fba26d49f3c2553a8766004c1aa9fd7b16e6a08051c00acaeda008a4fa9b7f6a61f8
SSDEEP: 49152:srPDYjNxDYc2qJnep0QUumlhO1YTL8WURFPObeQ3s5Ax37lzOI4WSR:2+9JuBMhO1yLOybeQ8c5yJR
Static task: static1
Behavioral task: behavioral1
Behavioral sample: f36adf25c1587c984dd8c0faf357f6de_JaffaCakes118.exe
Behavioral resource: win7-20240903-en
Malware Config
Targets
Target: f36adf25c1587c984dd8c0faf357f6de_JaffaCakes118
Score: 10/10
Signatures:
ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
ModiLoader Second Stage
Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
Suspicious use of NtSetInformationThreadHideFromDebugger: the ThreadHideFromDebugger information class detaches a thread from an attached debugger, a common anti-debugging technique.