General
Target: SecuriteInfo.com.Win32.Malware-gen.8349.exe
Size: 952KB
Sample: 220921-eqw67saegk
MD5: 2d52567e48fe4e5f5c9035bb5bdb2b37
SHA1: 54042b06cee489a3ef46e51440ad2fd3e4c5a14e
SHA256: 96c1db348aa67b1fae276b04f213b50936fad0e044042b6c43a7d2c8f15d4c1c
SHA512: 7fce0a142a25bc991827708a632f12630131a6034884a889ea4bedaa3e43b06b24ecdb839c12d2e448e4f98b893903cf3221bb9c34e36f0938044db5d68cb9e2
SSDEEP: 24576:CyQCv11PbnjANYPAj81OUo6w7tNTa9W8AoqiVNW:CIP6sOUzM
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Win32.Malware-gen.8349.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: SecuriteInfo.com.Win32.Malware-gen.8349.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted family: bitrat
Version: 1.38
C2: febbit2.ddns.net:6655
communication_password: 81dc9bdb52d04dc20036dbd8313ed055
tor_process: tor
Targets
Target: SecuriteInfo.com.Win32.Malware-gen.8349.exe
Score: 10/10
Family: ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
Signatures:
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext