General
-
Target
Setup.exe
-
Size
1.2MB
-
Sample
201121-nw5mf7dqhe
-
MD5
a65bb98a725359c25ea677337e7bc782
-
SHA1
e54df92418e386aa897e90ef7c635522de974ac5
-
SHA256
2caacde56329c3cb26c041d2535a5121d02fc195193f4046aabec42d61655d68
-
SHA512
795c85440ec8de558837e564e56b13c1976d8e27e004e829d532e61839aae73ae7e9d012a2f49a22dbd7de1d84585b8eb54e9f48561ae0dba30c668511e7407c
Static task
static1
Behavioral task
behavioral1
Sample
Setup.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Setup.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
Setup.exe
-
Size
1.2MB
-
MD5
a65bb98a725359c25ea677337e7bc782
-
SHA1
e54df92418e386aa897e90ef7c635522de974ac5
-
SHA256
2caacde56329c3cb26c041d2535a5121d02fc195193f4046aabec42d61655d68
-
SHA512
795c85440ec8de558837e564e56b13c1976d8e27e004e829d532e61839aae73ae7e9d012a2f49a22dbd7de1d84585b8eb54e9f48561ae0dba30c668511e7407c
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader First Stage
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-