General
- Target: ac187f20dd6d236366c5e69258b9a44c_JaffaCakes118
- Size: 2.6MB
- Sample: 241128-m3tkvavphz
- MD5: ac187f20dd6d236366c5e69258b9a44c
- SHA1: 7136ecf95a1a983c0bf4ec66f09d9831ae9a0459
- SHA256: a2bc0a37c8baa437fa44e3ac326a415b6aedf18af6462a5ee1907a6afd47d751
- SHA512: a1e126a96db83717653c402ece0a8432eb9d74fdba1dae03151142526c724c3348c86754db298469c09fd959077cc91707840a3614ba10e6abffe2699c97dd89
- SSDEEP: 49152:DKaGbK7QdpzLixikoLw/OrQ6tdXg5az7hx/SDNDHWZGDwU05yhu:mKwG1oLwQg5+7hxOUZGMC

Static task: static1

Behavioral task: behavioral1
- Sample: ac187f20dd6d236366c5e69258b9a44c_JaffaCakes118.exe
- Resource: win7-20241010-en
Malware Config
Targets
- Target: ac187f20dd6d236366c5e69258b9a44c_JaffaCakes118
Score: 10/10

- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Modiloader family
- ModiLoader Second Stage
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger