General
Target: 9b93520faa88b85b354caafe082ac78c_JaffaCakes118
Size: 5.2MB
Sample: 241125-p1yg5atnbj
MD5: 9b93520faa88b85b354caafe082ac78c
SHA1: 0fc1a91f3e2e0169f4ec485271462efe0009e8d5
SHA256: c32dba544a6618d4a8028b7ee99c6405d5a686bb0231f1210f64027f1fa61176
SHA512: ed95e5c910d35972cfbfed99522af44a2bd49516cb65a303f6152c976f56d601683cd467373ce0f871a2bcbad51e9463a34325fe443c703a30f2b86c8da58012
SSDEEP: 49152:ismZ0BJvyS9EQplsPhTpx29ZeTsq7stO5UNHeMAFr/U:ipZ03vpmk6ha9AstOiIz5

Static task: static1
Behavioral task: behavioral1
Sample: 9b93520faa88b85b354caafe082ac78c_JaffaCakes118.exe
Resource (analysis VM image): win7-20240903-en
Malware Config
Targets
Target: 9b93520faa88b85b354caafe082ac78c_JaffaCakes118
Size: 5.2MB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the General section above
Score: 10/10

ModiLoader, DBatLoader
ModiLoader (also tracked as DBatLoader) is a Delphi-written loader that abuses legitimate cloud hosting services to download and stage other malware families.

Modiloader family
ModiLoader Second Stage

Checks BIOS information in registry
BIOS strings (vendor, version, date) stored in the registry are commonly read to fingerprint the host and detect virtualised sandbox environments.

Identifies Wine through registry keys
Wine is a compatibility layer that runs Windows applications on other operating systems and is used by some sandboxes; its presence is exposed through registry keys the sample queries.

Suspicious use of NtSetInformationThreadHideFromDebugger
Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops the calling thread from delivering debug events to an attached debugger, a common anti-debugging technique.
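The three evasion signatures above (BIOS registry reads, Wine registry probes, NtSetInformationThread with ThreadHideFromDebugger) can be re-derived from a sandbox API trace. The following is an added example for this page, not code from the sandbox or from the sample: the trace format ("<pid> <api> <arg> [<arg>]", one call per line) and the SAMPLE_TRACE/BENIGN_TRACE lines are constructed, and the registry paths and the information-class value 0x11 are standard Windows values assumed here to be what the signatures look for.

```python
"""Triage a sandbox API trace for the evasion behaviours listed above.

Added example for this page; it is not code from the sandbox or from the
sample. The trace format ("<pid> <api> <arg> [<arg>]", one call per line)
and the SAMPLE_TRACE/BENIGN_TRACE lines are constructed. The registry
paths and the ThreadHideFromDebugger class value (0x11) are standard
Windows values, assumed here to be what the signatures look for.
"""
import re
from dataclasses import dataclass, field

# Firmware strings commonly used to fingerprint a VM (assumed key/value set).
BIOS_KEY_RE = re.compile(r"\\HARDWARE\\DESCRIPTION\\System(\\BIOS)?$", re.I)
BIOS_VALUES = {"SystemBiosVersion", "VideoBiosVersion", "SystemBiosDate",
               "BIOSVendor", "BIOSVersion"}
# Wine registers itself under Software\Wine in HKCU and HKLM.
WINE_KEY_RE = re.compile(r"\\Software\\Wine(\\|$)", re.I)
# THREADINFOCLASS value for ThreadHideFromDebugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Constructed trace resembling what an API monitor would log for this sample.
SAMPLE_TRACE = """\
1234 RegOpenKeyExW HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS
1234 RegQueryValueExW HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS SystemBiosVersion
1234 RegQueryValueExW HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS VideoBiosVersion
1234 RegOpenKeyExW HKCU\\Software\\Wine
1234 RegOpenKeyExW HKLM\\Software\\Wine
1234 NtSetInformationThread 0xfffffffe 0x11
1234 RegOpenKeyExW HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
1234 NtSetInformationThread 0x1a4 0x4
"""

# Constructed trace of an ordinary program for comparison.
BENIGN_TRACE = """\
4321 RegOpenKeyExW HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
4321 NtSetInformationThread 0x1a4 0x4
"""


@dataclass
class Findings:
    bios_reads: list = field(default_factory=list)   # BIOS value names queried
    wine_probes: list = field(default_factory=list)  # Wine keys opened
    hide_from_debugger: int = 0                      # class 0x11 calls seen

    def flags(self) -> set:
        """Map the findings onto the report's signature names."""
        out = set()
        if self.bios_reads:
            out.add("Checks BIOS information in registry")
        if self.wine_probes:
            out.add("Identifies Wine through registry keys")
        if self.hide_from_debugger:
            out.add("Suspicious use of NtSetInformationThreadHideFromDebugger")
        return out


def score_trace(trace: str) -> Findings:
    """Walk the trace once and collect evidence for each signature."""
    f = Findings()
    for line in trace.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) < 3:
            continue  # empty or malformed line
        api, arg = parts[1], parts[2]
        extra = parts[3] if len(parts) > 3 else None
        if api.startswith(("RegOpenKey", "RegQueryValue")):
            if WINE_KEY_RE.search(arg):
                f.wine_probes.append(arg)
            # Only a value read counts as checking BIOS information;
            # merely opening the key is also done by benign software.
            if BIOS_KEY_RE.search(arg) and extra in BIOS_VALUES:
                f.bios_reads.append(extra)
        elif api == "NtSetInformationThread" and extra is not None:
            try:
                info_class = int(extra, 16)
            except ValueError:
                continue  # unparseable class argument
            if info_class == THREAD_HIDE_FROM_DEBUGGER:
                f.hide_from_debugger += 1
    return f


if __name__ == "__main__":
    for name in sorted(score_trace(SAMPLE_TRACE).flags()):
        print(name)
```

Run against a real trace, the value-name filter on the BIOS key matters: many installers open HKLM\HARDWARE\DESCRIPTION\System without reading firmware strings, so counting only the queried values keeps the BIOS signature from firing on ordinary software.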