General
-
Target
cb7d40ded5b771e19e3c8cb1ea484805_JaffaCakes118
-
Size
218KB
-
Sample
241206-g5b6paznfj
-
MD5
cb7d40ded5b771e19e3c8cb1ea484805
-
SHA1
336554d1f03f8740ecd6be12b031911c5963ab3c
-
SHA256
1ed33096379abcac370501dfc3e230be24c87f406a215802a5ce5390eb8d1177
-
SHA512
ca25480609ba59b610c73e03423b0bf574ec02bf319cd16bfaa173090926d5cc49f3bd5482087c66677ce1a0ab300133e464fa01161b9a644ea88164ca8b820c
-
SSDEEP
6144:0PkAnUpxcp929I4AyvtXCOEKrKzC45Eu81b7t2:0PUp4M9I6vtdEKrKzr5Ej1bJ2
Malware Config
Targets
-
-
Target
cb7d40ded5b771e19e3c8cb1ea484805_JaffaCakes118
-
Size
218KB
-
MD5
cb7d40ded5b771e19e3c8cb1ea484805
-
SHA1
336554d1f03f8740ecd6be12b031911c5963ab3c
-
SHA256
1ed33096379abcac370501dfc3e230be24c87f406a215802a5ce5390eb8d1177
-
SHA512
ca25480609ba59b610c73e03423b0bf574ec02bf319cd16bfaa173090926d5cc49f3bd5482087c66677ce1a0ab300133e464fa01161b9a644ea88164ca8b820c
-
SSDEEP
6144:0PkAnUpxcp929I4AyvtXCOEKrKzC45Eu81b7t2:0PUp4M9I6vtdEKrKzr5Ej1bJ2
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-