General
Target: DHL_0098704.IMG
Size: 1.4MB
Sample: 210913-t6nbkaeba9
MD5: 5a1da3aa02cb6d8e2fa0307f3816f5df
SHA1: 60123665c571b37f0beee94899dd2072046e4a5a
SHA256: 20bc0922b1ea5abebc48e3ce4434dbe37ef748704d0b68dc07b3631d52efc486
SHA512: dbcb3b98251222fdac65628c398d40520da41c415272454e18d58c709e47524b7373041e8aeeeb22a7bb1e1fcb45bf8e2ea836bf863ae2f649f6a30ce6f84efa

Static task: static1
Behavioral task: behavioral1
Sample: UBHSXNUQ.EXE
Resource: win7-en
Behavioral task: behavioral2
Sample: UBHSXNUQ.EXE
Resource: win10-en

Malware Config

Targets
Target: UBHSXNUQ.EXE
Size: 835KB
MD5: bdd5bed3e1df79003329e61a16040535
SHA1: d197c51c4174ca8e6dc1824d51b3af3a617f0ee3
SHA256: e506b889ba308697f0a32ef807b7fb3c52ef2d8a97d074ffd9d6920731d99770
SHA512: 3001016ca703295aeea5523e4624395981acad9cb36dc0df5c604cc65308db6e99c412c467d1fe68d48733b1c81ca6bd7654917a0116fb0228f57494ecf34d81
Score: 10/10

Signatures
BitRAT Payload
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger