General
Target: 28920de5f1a16d20eb01e17bee84c2144eefa938bf0653e4165e3ff18b9244cc
Size: 2.9MB
Sample: 220704-rp5s6shgfp
MD5: 69b17d0f9389404a1228d310198b33e9
SHA1: d70d61353e3ce850e6891623336ebdab931d5530
SHA256: 28920de5f1a16d20eb01e17bee84c2144eefa938bf0653e4165e3ff18b9244cc
SHA512: 6e4523f25ac22c39e3f942646ab85677cb65b367dc28e30d2e2cf69fe23692f160708afcfd9b31f3f85cae7f87eccd7c96a7fedcd30c23b0e768fd40b6012af8
Static task: static1
Behavioral task: behavioral1
Sample: 28920de5f1a16d20eb01e17bee84c2144eefa938bf0653e4165e3ff18b9244cc.exe
Resource: win10v2004-20220414-en
Malware Config
Targets
Target: 28920de5f1a16d20eb01e17bee84c2144eefa938bf0653e4165e3ff18b9244cc
Size: 2.9MB
MD5: 69b17d0f9389404a1228d310198b33e9
SHA1: d70d61353e3ce850e6891623336ebdab931d5530
SHA256: 28920de5f1a16d20eb01e17bee84c2144eefa938bf0653e4165e3ff18b9244cc
SHA512: 6e4523f25ac22c39e3f942646ab85677cb65b367dc28e30d2e2cf69fe23692f160708afcfd9b31f3f85cae7f87eccd7c96a7fedcd30c23b0e768fd40b6012af8
Score: 10/10
Family: ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- ModiLoader Second Stage
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
- Suspicious use of NtSetInformationThreadHideFromDebugger