General
- Target: 24dbcadb075f4a39cbbb207433033b487976b2d61b6e0d8dc1f0524df5680518
- Size: 1015KB
- Sample: 220512-n2219sdea2
- MD5: b94300ec827b9ea137aa3c1625147557
- SHA1: a5a704197c5e14154eb2523e1ac391feee87fe45
- SHA256: 24dbcadb075f4a39cbbb207433033b487976b2d61b6e0d8dc1f0524df5680518
- SHA512: 3cb9c974d634eda922d7acaef98eb8f58a4ec07de862e740e6b086428b320c3c02c93c9f0ce8c32e2bdbb87af8f83dbf6373dcc55c1987c53ad2625ec570e2fd
Static task: static1
Behavioral task: behavioral1
- Sample: 24dbcadb075f4a39cbbb207433033b487976b2d61b6e0d8dc1f0524df5680518.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 24dbcadb075f4a39cbbb207433033b487976b2d61b6e0d8dc1f0524df5680518.exe
- Resource: win10v2004-20220414-en
Malware Config
Targets
- Target: 24dbcadb075f4a39cbbb207433033b487976b2d61b6e0d8dc1f0524df5680518
- Score: 10/10
- BitRAT Payload
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext