General
-
Target
a30fdc294d3e9f9eea323a7e3d09e563_JaffaCakes118
-
Size
2.6MB
-
Sample
241126-vc9s5szmay
-
MD5
a30fdc294d3e9f9eea323a7e3d09e563
-
SHA1
0c6e658bd213536a9745247c3d3e28aab217f72a
-
SHA256
f81591556f5260e528012afb7eea874e7f80e2b6a592243f40ebef5180a80aeb
-
SHA512
1b822d2b9df519c89715a7345015457ad9fcb5ca6c61df8bf35419885fee2a522f0387a40d590f1793c9a683687e44754ebd94032b76dc2700392192fd80b588
-
SSDEEP
49152:hTU8Zqq8wOHR2XN4eSRZLIYKV9zcaKIukf2zGYL2fSTvNCcCVjYAZNd5j8Tt5FCa:h4alg2XN4ewZ8YKHzhHRf/YL2fSTE9kX
Malware Config
Targets
-
-
Target
a30fdc294d3e9f9eea323a7e3d09e563_JaffaCakes118
-
Size
2.6MB
-
MD5
a30fdc294d3e9f9eea323a7e3d09e563
-
SHA1
0c6e658bd213536a9745247c3d3e28aab217f72a
-
SHA256
f81591556f5260e528012afb7eea874e7f80e2b6a592243f40ebef5180a80aeb
-
SHA512
1b822d2b9df519c89715a7345015457ad9fcb5ca6c61df8bf35419885fee2a522f0387a40d590f1793c9a683687e44754ebd94032b76dc2700392192fd80b588
-
SSDEEP
49152:hTU8Zqq8wOHR2XN4eSRZLIYKV9zcaKIukf2zGYL2fSTvNCcCVjYAZNd5j8Tt5FCa:h4alg2XN4ewZ8YKHzhHRf/YL2fSTE9kX
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-