General
Target: fe396eb00e61ae69f6d8989d2f0508f6_JaffaCakes118
Size: 2.6MB
Sample: 240929-k9564s1anh
MD5: fe396eb00e61ae69f6d8989d2f0508f6
SHA1: be807d03133c855da73f3e1fc5576f7eb2620434
SHA256: 7d1c93b04351d44fedf7abb9dbeabc714cc93fd2cc75c7b6302e66470d265335
SHA512: 110d3751414420fcad0b280caef483662f48fef33189325c5a6dd049bde9b940382508f06e31a88ed58f31a74a2430a006a78cfbd4bea0ab71a8da8b3fd0e938
SSDEEP: 49152:K9ZXUbTvjxp2+noKr+cd5C3NRmsDuPC0PtiiBaH6q0YcU3PuLaO:K4/r7JUcd5WmsDuq0FiH6q0YB3Puu

Static task: static1
Behavioral task: behavioral1
Sample: fe396eb00e61ae69f6d8989d2f0508f6_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config
Score: 10/10

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

ModiLoader Second Stage

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

Suspicious use of NtSetInformationThreadHideFromDebugger