General
-
Target
0278ff901e7fefb95050c6c2c879d988_JaffaCakes118
-
Size
1002KB
-
Sample
240930-vz3ncaxbkl
-
MD5
0278ff901e7fefb95050c6c2c879d988
-
SHA1
dbe14ad3ec092f1975fe79747349e9d8497c1c91
-
SHA256
12d78165a370b09add0062a8f51baff194dfb73a375c24451bfb0ae1fe999f8a
-
SHA512
cf56e9a21be30a07a80fdd7bbfb117890bddd4241c8da36d1878ca3ebdabaa97c46f8b2704cdf38a5420f1e84989aa5c982086ec2c99e078dd9771e662a21de1
-
SSDEEP
24576:8btYKYmJX6b4IpEJM6wvNKHRJcUIaBxxd1XL/Q+5zfJJVoSp99I1:lKP5E4KEiugYBbP5fVB98
Malware Config
Targets
-
-
Target
0278ff901e7fefb95050c6c2c879d988_JaffaCakes118
-
Size
1002KB
-
MD5
0278ff901e7fefb95050c6c2c879d988
-
SHA1
dbe14ad3ec092f1975fe79747349e9d8497c1c91
-
SHA256
12d78165a370b09add0062a8f51baff194dfb73a375c24451bfb0ae1fe999f8a
-
SHA512
cf56e9a21be30a07a80fdd7bbfb117890bddd4241c8da36d1878ca3ebdabaa97c46f8b2704cdf38a5420f1e84989aa5c982086ec2c99e078dd9771e662a21de1
-
SSDEEP
24576:8btYKYmJX6b4IpEJM6wvNKHRJcUIaBxxd1XL/Q+5zfJJVoSp99I1:lKP5E4KEiugYBbP5fVB98
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Deletes itself
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Checks whether UAC is enabled
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-