General
Target: e51b30bf9b0c6ac4653a5e0e3d47e53e.exe
Size: 1.3MB
Sample: 210224-d2b3gmmgkn
MD5: e51b30bf9b0c6ac4653a5e0e3d47e53e
SHA1: 284bc580ff365a2c8ae9602e96d8e1a7cbff30b7
SHA256: 2b9ab52795f34af8e45a80c88ebd53c725bcccdab49aee05a8b848566e8c3b28
SHA512: 47617da1880ef2753d621b0639f1a868f88a945db5176fc2422165f181ec7613e175038c4d74067cd1447f44e3b26263e720a8f3bd302c957c2807cd77e43bce
Static task: static1
Behavioral task: behavioral1 (Sample: e51b30bf9b0c6ac4653a5e0e3d47e53e.exe, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: e51b30bf9b0c6ac4653a5e0e3d47e53e.exe, Resource: win10v20201028)
Malware Config
Targets
Target: e51b30bf9b0c6ac4653a5e0e3d47e53e.exe
Size: 1.3MB
Score: 10/10
ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
ModiLoader First Stage
Executes dropped EXE
Drops startup file
Loads dropped DLL
Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
Suspicious use of SetThreadContext