General
-
Target
830eebe6df9b3a630e5f1121edf9b6e0_JaffaCakes118
-
Size
2.6MB
-
Sample
241031-pw69gayfrj
-
MD5
830eebe6df9b3a630e5f1121edf9b6e0
-
SHA1
4bc91575fcd1e1d23d29173e46e6b3799dfd356a
-
SHA256
133d300f84e5618555830faf95b9e18d476baf6632f3fe7ddcea80edcf8e26d9
-
SHA512
4e0dc4b58fba5a0db76f330bf4fa7e1ee927a784fd41fa22d9e4558215c4b7a537cc2553d305f26bfe0597f64e38600b5e54ea202e26ec09ca5a4ca92caec5f0
-
SSDEEP
49152:jZL0aQAKFCXmYXjXOWd+hikewCSCOcjCjF/KYmP/yJOnpvkJMLJz:jZL0EKCXmYXjX7hwDBix6QpMJMLJz
Static task
static1
Behavioral task
behavioral1
Sample
830eebe6df9b3a630e5f1121edf9b6e0_JaffaCakes118.exe
Resource
win7-20241010-en
Malware Config
Targets
-
Target
830eebe6df9b3a630e5f1121edf9b6e0_JaffaCakes118
-
Score
10/10
-
ModiLoader, DBatLoader
ModiLoader (also tracked as DBatLoader) is a Delphi-written loader that abuses cloud storage services to download and run other malware families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer that runs Windows applications on other operating systems; some analysis sandboxes are built on it, so malware checks for Wine-specific registry keys to detect such an environment.
-
Suspicious use of NtSetInformationThread (ThreadHideFromDebugger)
Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the thread from delivering debug events to an attached debugger, a common anti-debugging technique.
-
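The three behavioural signatures above (BIOS registry check, Wine registry check, ThreadHideFromDebugger) are all derived from the sample's API calls. As an added example, not the sandbox's own signature code, the Python below replays constructed API-call log lines and emits the same three signature names. The registry paths it matches (HKLM\HARDWARE\DESCRIPTION\System for BIOS strings, Software\Wine for Wine), the value names, and the log line format are assumptions for illustration; the report does not list the exact keys this sample read.

```python
import re

# ThreadInformationClass value passed to NtSetInformationThread to detach a
# thread from the debugger (ThreadHideFromDebugger).
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Registry locations commonly queried for these checks. Assumption: the report
# does not say which keys this particular sample read.
BIOS_KEY_RE = re.compile(r"\\HARDWARE\\DESCRIPTION\\SYSTEM(\\|$)", re.IGNORECASE)
BIOS_VALUES = {"systembiosversion", "videobiosversion", "systembiosdate"}
WINE_KEY_RE = re.compile(r"\\SOFTWARE\\WINE(\\|$)", re.IGNORECASE)

SIG_BIOS = "Checks BIOS information in registry"
SIG_WINE = "Identifies Wine through registry keys"
SIG_HIDE = "Suspicious use of NtSetInformationThread (ThreadHideFromDebugger)"

# Constructed log format for this example: "<api> k=v k=v ...", one call per line.
LINE_RE = re.compile(r"^(?P<api>\w+)(?P<args>(?:\s+\w+=\S+)*)\s*$")


def parse_line(line):
    """Parse one log line into {"api": ..., <arg>: <value>, ...}; None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    args = dict(a.split("=", 1) for a in m.group("args").split())
    return {"api": m.group("api"), **args}


def classify(events):
    """Return the list of signature names triggered by the event stream, in first-hit order."""
    hits = []

    def add(sig):
        if sig not in hits:
            hits.append(sig)

    for ev in events:
        api = ev["api"]
        if api.startswith(("RegOpenKey", "RegQueryValue", "NtOpenKey", "NtQueryValueKey")):
            key = ev.get("key", "")
            value = ev.get("value", "").lower()
            # Opening the System key alone is common; only flag when a BIOS
            # value is queried, or when the key is opened with no value named.
            if BIOS_KEY_RE.search(key) and (not value or value in BIOS_VALUES):
                add(SIG_BIOS)
            if WINE_KEY_RE.search(key):
                add(SIG_WINE)
        elif api == "NtSetInformationThread":
            try:
                info_class = int(ev.get("class", ""), 0)
            except ValueError:
                continue
            if info_class == THREAD_HIDE_FROM_DEBUGGER:
                add(SIG_HIDE)
    return hits


def scan(lines):
    """Parse raw log lines (skipping malformed ones) and classify them."""
    events = [e for e in map(parse_line, lines) if e]
    return classify(events)


# Constructed sample trace: the first line is benign, the rest exercise each check.
SAMPLE_LOG = r"""
RegOpenKeyExW key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RegQueryValueExW key=HKLM\HARDWARE\DESCRIPTION\System value=SystemBiosVersion
RegQueryValueExW key=HKLM\HARDWARE\DESCRIPTION\System value=VideoBiosVersion
RegOpenKeyExW key=HKCU\SOFTWARE\Wine
NtSetInformationThread class=0x11 thread=0x1a4
NtSetInformationThread class=0x2 thread=0x1a4
""".strip().splitlines()


if __name__ == "__main__":
    for sig in scan(SAMPLE_LOG):
        print(sig)
```

Running the block prints the three signature names in the order they first trigger. The ThreadInformationClass comparison is what separates an anti-debug call from a benign NtSetInformationThread (the 0x2 line, thread priority, is ignored), which is the distinction a detection rule needs to avoid flagging every thread-attribute change.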