General
- Target: 7b98554d2ad0041be3a00121d8fcf9c3
- Size: 1.1MB
- Sample: 211211-s5xceabdg3
- MD5: 7b98554d2ad0041be3a00121d8fcf9c3
- SHA1: 187a35c3e84d0b4afef32705987c840f6729e133
- SHA256: f83ad7329b642727ff0e4b9f4b690ad55588f605000ecb6643ac959f1a8f0b61
- SHA512: 324abecfd87060a9dd7b7a151eb8502f72123c242dee4ac3387c6d6ba3c92f6a4a452a006e58bf897b1a8af803686c5975e58dfb29bb3bd45aebc810ed264cab
Static task: static1
Behavioral task: behavioral1
- Sample: 7b98554d2ad0041be3a00121d8fcf9c3.exe
- Resource: win7-en-20211208
Behavioral task: behavioral2
- Sample: 7b98554d2ad0041be3a00121d8fcf9c3.exe
- Resource: win10-en-20211208
Malware Config
Targets
- Target: 7b98554d2ad0041be3a00121d8fcf9c3
- Size: 1.1MB
- MD5: 7b98554d2ad0041be3a00121d8fcf9c3
- SHA1: 187a35c3e84d0b4afef32705987c840f6729e133
- SHA256: f83ad7329b642727ff0e4b9f4b690ad55588f605000ecb6643ac959f1a8f0b61
- SHA512: 324abecfd87060a9dd7b7a151eb8502f72123c242dee4ac3387c6d6ba3c92f6a4a452a006e58bf897b1a8af803686c5975e58dfb29bb3bd45aebc810ed264cab
Score: 10/10
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader First Stage
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of SetThreadContext