General
-
Target
ec10b9e4b89941d8803e3082f6d0180f08a94f7a935fb1efffdb1b9eefd76965
-
Size
74KB
-
Sample
211121-qm1k1adhhn
-
MD5
c136e024602cd79f3496d006d77c8759
-
SHA1
83a895fb74929ed820a39d0d4752e0c3dcb3a913
-
SHA256
ec10b9e4b89941d8803e3082f6d0180f08a94f7a935fb1efffdb1b9eefd76965
-
SHA512
f4ab3b4395b73067eda39491462a892c498169f532bdd20d12c1247b2597f1fde25b284686494e79eb161a7d1045dee21ad2cd97cdd47fb08c36e99b68fc3046
Malware Config
Targets
-
-
Target
ec10b9e4b89941d8803e3082f6d0180f08a94f7a935fb1efffdb1b9eefd76965
-
Size
74KB
-
MD5
c136e024602cd79f3496d006d77c8759
-
SHA1
83a895fb74929ed820a39d0d4752e0c3dcb3a913
-
SHA256
ec10b9e4b89941d8803e3082f6d0180f08a94f7a935fb1efffdb1b9eefd76965
-
SHA512
f4ab3b4395b73067eda39491462a892c498169f532bdd20d12c1247b2597f1fde25b284686494e79eb161a7d1045dee21ad2cd97cdd47fb08c36e99b68fc3046
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
suricata: ET MALWARE Win32/Delf.BLL Variant CnC Activity (Inbound)
suricata: ET MALWARE Win32/Delf.BLL Variant CnC Activity (Inbound)
-
suricata: ET MALWARE Win32/Delf.BLL Variant CnC Activity (Outbound)
suricata: ET MALWARE Win32/Delf.BLL Variant CnC Activity (Outbound)
-
ModiLoader First Stage
-
Executes dropped EXE
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-