General
- Target: 1bb1228085b5eadbcf0cf2058898c881027e0b01851f0e0da0f50a27d06e14ae
- Size: 462KB
- Sample: 221003-bye14safh9
- MD5: 666b9e1d361bd7a6403fabc57497ee4b
- SHA1: fb85bf038c3461eff1d9c13a155413e5bf578c3c
- SHA256: 1bb1228085b5eadbcf0cf2058898c881027e0b01851f0e0da0f50a27d06e14ae
- SHA512: ca341f0ccc88305f63303301d401cbe4f66622f816d6d66afa9609f5ab3e648bf8eaa64bdf0cb4a63a82243c3948c53ff9c676e9503194cf0827697c0d74ca5b
- SSDEEP: 12288:qLVbxlL+pApJcE/Rbr73S9DXo72bKWpEBHBcVmb:qLwi5X72D8HBcV0
Static task
- static1

Behavioral task
- behavioral1
  Sample: 1bb1228085b5eadbcf0cf2058898c881027e0b01851f0e0da0f50a27d06e14ae.exe
  Resource: win7-20220812-en

Behavioral task
- behavioral2
  Sample: 1bb1228085b5eadbcf0cf2058898c881027e0b01851f0e0da0f50a27d06e14ae.exe
  Resource: win10v2004-20220901-en
Malware Config

Targets
- Target: 1bb1228085b5eadbcf0cf2058898c881027e0b01851f0e0da0f50a27d06e14ae
- Size: 462KB
- MD5: 666b9e1d361bd7a6403fabc57497ee4b
- SHA1: fb85bf038c3461eff1d9c13a155413e5bf578c3c
- SHA256: 1bb1228085b5eadbcf0cf2058898c881027e0b01851f0e0da0f50a27d06e14ae
- SHA512: ca341f0ccc88305f63303301d401cbe4f66622f816d6d66afa9609f5ab3e648bf8eaa64bdf0cb4a63a82243c3948c53ff9c676e9503194cf0827697c0d74ca5b
- SSDEEP: 12288:qLVbxlL+pApJcE/Rbr73S9DXo72bKWpEBHBcVmb:qLwi5X72D8HBcV0
- Score: 10/10

- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
- Looks for VirtualBox Guest Additions in registry
- ModiLoader Second Stage
- Adds policy Run key to start application
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.