General
- Target: f5e90cf4317c1bbc07bfa3714bb47d09b3e76aec719e426cbc9d9ba16a7820a9
- Size: 1.2MB
- Sample: 220516-p7gg7aeheq
- MD5: 8514f4c038ed19f0b963c4374c283ce4
- SHA1: 7feb015a7ff690ec7bd8c425e4185674ecb1a8e2
- SHA256: f5e90cf4317c1bbc07bfa3714bb47d09b3e76aec719e426cbc9d9ba16a7820a9
- SHA512: e0a5712d7618c8ba18fd78250db2cc465471b2b8db59326ed33b34e9e0456d78e6379e946aae71569087fa3d07a33ca6ef03d98745808a6cbc40cc5adf85d689
Static task: static1
Behavioral task: behavioral1
- Sample: f5e90cf4317c1bbc07bfa3714bb47d09b3e76aec719e426cbc9d9ba16a7820a9.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: f5e90cf4317c1bbc07bfa3714bb47d09b3e76aec719e426cbc9d9ba16a7820a9.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: modiloader
- URL: https://cdn.discordapp.com/attachments/748093730522791950/760005497381715978/Aqjiiiz
Targets
- Target: f5e90cf4317c1bbc07bfa3714bb47d09b3e76aec719e426cbc9d9ba16a7820a9
- Size: 1.2MB
- MD5: 8514f4c038ed19f0b963c4374c283ce4
- SHA1: 7feb015a7ff690ec7bd8c425e4185674ecb1a8e2
- SHA256: f5e90cf4317c1bbc07bfa3714bb47d09b3e76aec719e426cbc9d9ba16a7820a9
- SHA512: e0a5712d7618c8ba18fd78250db2cc465471b2b8db59326ed33b34e9e0456d78e6379e946aae71569087fa3d07a33ca6ef03d98745808a6cbc40cc5adf85d689
Score: 10/10
- BitRAT Payload
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that abuses legitimate cloud services (here the Discord CDN URL in the extracted config) to download other malware families.
- ModiLoader First Stage
- Adds Run key to start application (persistence through a registry Run key)
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger (anti-debugging: NtSetInformationThread with ThreadHideFromDebugger stops the thread from delivering debug events to an attached debugger)
- Suspicious use of SetThreadContext (commonly used to redirect execution in an injected or hollowed process)
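As an added example, not part of the sandbox report, the following script turns the indicators above into a check a responder can run: it hashes a file with the four digests the report lists and compares them against the sample's hashes, and it scans event lines for the two behaviours that leave host or network evidence, the Run-key write and the download from cdn.discordapp.com. The two NtSetInformationThread/SetThreadContext signatures are API-level and need a sandbox or API tracer, so they are not covered here. The event-line format and the sample event lines are constructed for the example.

```python
"""IOC matcher for the ModiLoader sample above (added example, not report code)."""
import hashlib
import re

# Hashes copied from the report.
SAMPLE_HASHES = {
    "md5": "8514f4c038ed19f0b963c4374c283ce4",
    "sha1": "7feb015a7ff690ec7bd8c425e4185674ecb1a8e2",
    "sha256": "f5e90cf4317c1bbc07bfa3714bb47d09b3e76aec719e426cbc9d9ba16a7820a9",
    "sha512": "e0a5712d7618c8ba18fd78250db2cc465471b2b8db59326ed33b34e9e0456d78e6379e946aae71569087fa3d07a33ca6ef03d98745808a6cbc40cc5adf85d689",
}

# Download URL from the extracted config.
CONFIG_URL = ("https://cdn.discordapp.com/attachments/"
              "748093730522791950/760005497381715978/Aqjiiiz")

DIGESTS = ("md5", "sha1", "sha256", "sha512")


def digest_all(data: bytes) -> dict:
    """Return all four digests of a byte string, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in DIGESTS}


def match_hashes(data: bytes, iocs: dict = SAMPLE_HASHES) -> list:
    """Names of the algorithms whose digest of `data` equals the IOC value."""
    computed = digest_all(data)
    return sorted(name for name, value in iocs.items()
                  if computed.get(name) == value.lower())


# Run-key write under HKCU or HKLM (hive deliberately not pinned).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Any attachment URL on the Discord CDN, not just the one in this config.
DISCORD_CDN_RE = re.compile(
    r"https?://cdn\.discordapp\.com/attachments/\d+/\d+/\S+", re.I)


def scan_events(lines) -> list:
    """Return (line_number, tag) for each line matching a behavioural IOC."""
    hits = []
    for num, line in enumerate(lines, 1):
        if RUN_KEY_RE.search(line):
            hits.append((num, "run_key_persistence"))
        if DISCORD_CDN_RE.search(line):
            hits.append((num, "discord_cdn_download"))
    return hits


# Constructed event lines (assumed "event_id|type|details" format).
CONSTRUCTED_EVENTS = [
    "13|RegistryValueSet|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"
    "|C:\\Users\\Public\\Updater.exe",
    "3|NetworkConnect|Updater.exe|10.0.0.5:49812 -> 192.0.2.10:443",
    "7|WebRequest|GET|" + CONFIG_URL,
]


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, match_hashes(fh.read()))
    for num, tag in scan_events(CONSTRUCTED_EVENTS):
        print(f"line {num}: {tag}")
```

Run it with file paths as arguments to compare them against the sample's hashes; the event scan uses the constructed lines and prints one hit for the Run-key write and one for the Discord CDN fetch. The DNS query for cdn.discordapp.com on its own does not match, since the regex wants the full attachment URL; widen it to the hostname if proxy logs are not available.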