General
-
Target
5c3e231c8ca3e0c8cb679599d70f8642614f3895cdf3b4c25de0f0c46d83c1ec
-
Size
484KB
-
Sample
220801-slxttsbffp
-
MD5
812db304d3c512908f8392487341f8d6
-
SHA1
4ceb748ca2cade684c838f165643a1931ad3bc24
-
SHA256
5c3e231c8ca3e0c8cb679599d70f8642614f3895cdf3b4c25de0f0c46d83c1ec
-
SHA512
a2255a2db88fab255a345a866dc39c679e4a4b04e33ec697265ebcaadbd9d2bf78f9e0d473ebe9732539539d6677f4b4a5deaa6d181b28ace5a934a4a92340e8
Static task
static1
Behavioral task
behavioral1
Sample
5c3e231c8ca3e0c8cb679599d70f8642614f3895cdf3b4c25de0f0c46d83c1ec.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
5c3e231c8ca3e0c8cb679599d70f8642614f3895cdf3b4c25de0f0c46d83c1ec.exe
Resource
win10v2004-20220722-en
Malware Config
Targets
-
-
Target
5c3e231c8ca3e0c8cb679599d70f8642614f3895cdf3b4c25de0f0c46d83c1ec
-
Size
484KB
-
MD5
812db304d3c512908f8392487341f8d6
-
SHA1
4ceb748ca2cade684c838f165643a1931ad3bc24
-
SHA256
5c3e231c8ca3e0c8cb679599d70f8642614f3895cdf3b4c25de0f0c46d83c1ec
-
SHA512
a2255a2db88fab255a345a866dc39c679e4a4b04e33ec697265ebcaadbd9d2bf78f9e0d473ebe9732539539d6677f4b4a5deaa6d181b28ace5a934a4a92340e8
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Checks for common network interception software
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
-
Looks for VirtualBox Guest Additions in registry
-
ModiLoader Second Stage
-
Adds policy Run key to start application
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-