Analysis
Max time kernel: 166s
Max time network: 172s
Platform: windows10_x64
Resource: win10-en-20211208
Submitted: 30-01-2022 07:33
Static task: static1

Behavioral task: behavioral1
Sample: BKLULYOT.exe
Resource: win7-en-20211208 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: BKLULYOT.exe
Resource: win10-en-20211208 (windows10_x64)
0 signatures, 0 seconds
General
Target: BKLULYOT.exe
Size: 755KB
MD5: 2cb79bcce5050528580bf880f47d9d61
SHA1: 32e93d278b70caf5156e8bb1d7bfc8e29658fccc
SHA256: a00a856f0d85fcb7f485777ae81a0b1c52974bb1cd2482ba5e987a7ce8207511
SHA512: a32393ece3ac9e4ff24ae1d50bf81657c4d83772b96bcdcb9c9d6590e0570f2f2c3ebd15ff21cf76be482f292b80138b301159a3bc0d3a4c50e7e215cf0c5b94
Score: 10/10
Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

ModiLoader First Stage (1 IoC)
Processes:
Resource: behavioral2/memory/1360-116-0x00000000006C1000-0x00000000006D5000-memory.dmp
YARA rule: modiloader_stage1