General
Target: fd56d284341559703ea6a9792f8ecc9b_JaffaCakes118
Size: 5.2MB
Sample: 240928-29cm8szhkp
MD5: fd56d284341559703ea6a9792f8ecc9b
SHA1: 8a38ed7cc357725cfc21927c2da013e48d1bd2e3
SHA256: c729aab3a04eb7888750b97835c6fb9a7974ef9df06d58182c562b6cf33accd3
SHA512: 0a82bdc30f27e84225f41b626a009b2d0fcfcea236bf15f28f2f66abee17b07974daf1c81b1bc3137bb3f08a268a88c61d15e2cd87e7022986fb07532d5a6039
SSDEEP: 49152:oPFeAAMxjzpSpI77f+79ZLGGTuq31tkm1FNLMCcONyXlZ:qFevmPko7fKXLGcbCmZnzNyXT
Static task: static1
Behavioral task: behavioral1
Sample: fd56d284341559703ea6a9792f8ecc9b_JaffaCakes118.exe
Resource: win7-20240708-en
Malware Config

Targets
Target: fd56d284341559703ea6a9792f8ecc9b_JaffaCakes118
Size: 5.2MB
Score: 10/10
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger