General

Target: pdf.com
Size: 132KB
Sample: 210909-rnzkrsgce6
MD5: 291110d28eb31d044e1ef45306aaebc5
SHA1: 5dfb0ca60fc82d423da211d2397d4a39a4ed7587
SHA256: ca38bc5a74167b7931db40cb00e670773b696df8c2df0d17761b38a99d40941a
SHA512: 505f930ddc4d370929ef5230ee14ec75acd3106d71b3f088fb39ab9fdbf98e6373ccf7ed4c97f87c58e1fdee33a17a663f3c894e814e0b83681b5494715854e8
Static task: static1

Behavioral task: behavioral1
Sample: pdf.com.exe
Resource: win7-en

Behavioral task: behavioral2
Sample: pdf.com.exe
Resource: win10v20210408
Malware Config

Targets

Target: pdf.com
Score: 10/10

Signatures:
- ModiLoader, DBatLoader: ModiLoader (also tracked as DBatLoader) is a Delphi-written loader that abuses cloud file-hosting services to download and run other malware families.
- Checks QEMU agent file: checks for the presence of the QEMU guest agent, possibly to detect that it is running inside a virtual machine and alter its behaviour.
- Adds Run key to start application: writes a value under the registry Run key so the sample is launched again at user logon (persistence).
- Suspicious use of NtSetInformationThreadHideFromDebugger: calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops the thread from reporting debug events to an attached debugger (anti-debugging).
- Suspicious use of SetThreadContext: rewrites the register context of another thread, a step commonly seen when a loader injects code into a suspended process and redirects its execution to the injected payload.
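As an added example that is not part of the sandbox report, the Python helper below does two things a responder would want from this page: it cross-checks a file against the four hashes listed under General (a match on only some of the algorithms points to a transcription error in the IOC list rather than a hit), and it flags the behaviour behind the "Adds Run key to start application" signature by scanning Sysmon Event ID 13 (registry value set) records for writes under the Run and RunOnce keys. The event records, paths, value names and SID are constructed for illustration and are not taken from the report.

```python
"""Triage helper for the report above: hash IOC matching plus Run-key
persistence detection over Sysmon Event ID 13 records (added example)."""
import hashlib
import json
import re

# Hashes exactly as listed in the report's General section.
REPORT_IOCS = {
    "md5": "291110d28eb31d044e1ef45306aaebc5",
    "sha1": "5dfb0ca60fc82d423da211d2397d4a39a4ed7587",
    "sha256": "ca38bc5a74167b7931db40cb00e670773b696df8c2df0d17761b38a99d40941a",
    "sha512": "505f930ddc4d370929ef5230ee14ec75acd3106d71b3f088fb39ab9fdbf98e6373ccf7ed4c97f87c58e1fdee33a17a663f3c894e814e0b83681b5494715854e8",
}

# Autorun locations the signature refers to (HKLM or HKU, native or WOW64 view).
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\",
    re.IGNORECASE,
)
# Directories an unprivileged user can write to; a Run value pointing there is
# far more suspicious than one pointing into System32.
USER_WRITABLE_RE = re.compile(r"\\(Users|ProgramData|Temp)\\", re.IGNORECASE)


def hash_bytes(data: bytes) -> dict:
    """Compute every digest the report lists, so all four can be compared."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_IOCS}


def matching_report_hashes(data: bytes) -> set:
    """Names of the algorithms whose digest of `data` equals the report's IOC.
    Expect all four or none; a partial set means a mistyped IOC, not a hit."""
    computed = hash_bytes(data)
    return {name for name, ioc in REPORT_IOCS.items() if computed[name] == ioc.lower()}


def find_run_key_persistence(event_lines):
    """Scan JSON-encoded Sysmon events and return each Run/RunOnce value write."""
    hits = []
    for raw in event_lines:
        ev = json.loads(raw)
        if ev.get("EventID") != 13 or ev.get("EventType") != "SetValue":
            continue
        target = ev.get("TargetObject", "")
        m = RUN_KEY_RE.search(target)
        if not m:
            continue
        command = ev.get("Details", "")
        hits.append({
            "key": m.group(1),
            "value_name": target.rsplit("\\", 1)[-1],
            "command": command,
            "image": ev.get("Image", ""),
            "user_writable": bool(USER_WRITABLE_RE.search(command)),
        })
    return hits


# Constructed Sysmon records (not from the report): one Run-key write by the
# sample, one benign Run-key write by a system process, one unrelated registry
# write, and one process-creation event that must be ignored.
SAMPLE_EVENTS = [
    json.dumps({"EventID": 13, "EventType": "SetValue",
                "Image": r"C:\Users\victim\Downloads\pdf.com.exe",
                "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\pdf",
                "Details": r"C:\Users\Public\Libraries\pdf.com.exe"}),
    json.dumps({"EventID": 13, "EventType": "SetValue",
                "Image": r"C:\Windows\System32\svchost.exe",
                "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
                "Details": r"C:\Windows\System32\SecurityHealthSystray.exe"}),
    json.dumps({"EventID": 13, "EventType": "SetValue",
                "Image": r"C:\Users\victim\Downloads\pdf.com.exe",
                "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
                "Details": "DWORD (0x00000002)"}),
    json.dumps({"EventID": 1,
                "Image": r"C:\Users\victim\Downloads\pdf.com.exe",
                "CommandLine": r"C:\Users\victim\Downloads\pdf.com.exe"}),
]


if __name__ == "__main__":
    for hit in find_run_key_persistence(SAMPLE_EVENTS):
        flag = "SUSPICIOUS" if hit["user_writable"] else "review"
        print(f"[{flag}] {hit['key']}\\{hit['value_name']} -> {hit['command']} (by {hit['image']})")
```

Feed `find_run_key_persistence` real Sysmon output exported as one JSON object per line; the `user_writable` flag is a ranking hint only, since a loader that copies itself into a system directory would still be caught by the key match.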