General
-
Target
b1e96dc7fe244bf45f1b98b86a8308c5e8783635a946d9f154b8f530d6088fc3
-
Size
403KB
-
Sample
221003-3npw4scee6
-
MD5
6d2d377656cafb4628b7645632e67f17
-
SHA1
ba857f063021e0455b9fc0d730079fae6ff8e778
-
SHA256
b1e96dc7fe244bf45f1b98b86a8308c5e8783635a946d9f154b8f530d6088fc3
-
SHA512
561209d1c844ba700981836077f6eb1f558dcd379cfba864e736aff5b22426c69bb04f0fd25508098bc986c1ebfb9c13664d89737e3eee43cb4a9a871d0f2264
-
SSDEEP
6144:2KZu9u1Gy09Q0vRMOkCXE4aS+FQAi82WIr5IhKu2/WvD5ryTG8N:Hu9u1Gn9tvR9U4aS+F/hg1ui8rEbN
Static task
static1
Behavioral task
behavioral1
Sample
b1e96dc7fe244bf45f1b98b86a8308c5e8783635a946d9f154b8f530d6088fc3.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
b1e96dc7fe244bf45f1b98b86a8308c5e8783635a946d9f154b8f530d6088fc3.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
b1e96dc7fe244bf45f1b98b86a8308c5e8783635a946d9f154b8f530d6088fc3
-
Size
403KB
-
MD5
6d2d377656cafb4628b7645632e67f17
-
SHA1
ba857f063021e0455b9fc0d730079fae6ff8e778
-
SHA256
b1e96dc7fe244bf45f1b98b86a8308c5e8783635a946d9f154b8f530d6088fc3
-
SHA512
561209d1c844ba700981836077f6eb1f558dcd379cfba864e736aff5b22426c69bb04f0fd25508098bc986c1ebfb9c13664d89737e3eee43cb4a9a871d0f2264
-
SSDEEP
6144:2KZu9u1Gy09Q0vRMOkCXE4aS+FQAi82WIr5IhKu2/WvD5ryTG8N:Hu9u1Gn9tvR9U4aS+F/hg1ui8rEbN
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks for common network interception software
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VirtualBox drivers on disk
-
ModiLoader Second Stage
-
Adds policy Run key to start application
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-