General
- Target: 34cbdb4b5e7f77e2485e8caf90d7756448cfc5efc9f0623e906b7cbc2f63f454
- Size: 719KB
- Sample: 221003-dhkyjaegdm
- MD5: 6becf844a4fa08cb6c72e5f20f0820ba
- SHA1: f2a45b8442f3c8daff48c618e67f50e141bface3
- SHA256: 34cbdb4b5e7f77e2485e8caf90d7756448cfc5efc9f0623e906b7cbc2f63f454
- SHA512: 35f4d101e782e5b3ff46544fc092bccd143b9ba72975fa126383c2598518ae32505cec16b3018d8fe03dfc3777d705a9b290ffbbe063305fd841eab380b69cda
- SSDEEP: 12288:6XgPVmsO7H+JeYkZQors8sEyMGXxeFlX4EEPSwDfAmgBJbf8AwnBrRm8dZ/X:AoZ3J78GSX4bEmCb+rRvZ/X
Static task: static1
Behavioral task: behavioral1
- Sample: 34cbdb4b5e7f77e2485e8caf90d7756448cfc5efc9f0623e906b7cbc2f63f454.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 34cbdb4b5e7f77e2485e8caf90d7756448cfc5efc9f0623e906b7cbc2f63f454.exe
- Resource: win10v2004-20220812-en
Malware Config
Targets
Score: 10/10
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Modifies visibility of hidden/system files in Explorer
- ModiLoader Second Stage
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of SetThreadContext