General
-
Target
a25c032f736a088ad2574afdfbf10662aacbfd0f14d05ae215033fd4eb21687e
-
Size
469KB
-
Sample
221003-z1rppaffb5
-
MD5
6e71b03e5960833cbb2c2481021b88ff
-
SHA1
dbc74d18dacc08e430ad631e4e209bf68d2dbd58
-
SHA256
a25c032f736a088ad2574afdfbf10662aacbfd0f14d05ae215033fd4eb21687e
-
SHA512
715202ae07c00caef82d9195eba32906eb3d497cee609627cb5e47ebc05d969a446fc9e0d97d126ee9031c072978890b5995feb5af22324e6cfa421f41a9372a
-
SSDEEP
12288:QHNJ+AW24baYK5hf8bryyAjsfl86uSlQ/:muAW2QK518bry5UuSlc
Malware Config
Targets
-
-
Target
a25c032f736a088ad2574afdfbf10662aacbfd0f14d05ae215033fd4eb21687e
-
Size
469KB
-
MD5
6e71b03e5960833cbb2c2481021b88ff
-
SHA1
dbc74d18dacc08e430ad631e4e209bf68d2dbd58
-
SHA256
a25c032f736a088ad2574afdfbf10662aacbfd0f14d05ae215033fd4eb21687e
-
SHA512
715202ae07c00caef82d9195eba32906eb3d497cee609627cb5e47ebc05d969a446fc9e0d97d126ee9031c072978890b5995feb5af22324e6cfa421f41a9372a
-
SSDEEP
12288:QHNJ+AW24baYK5hf8bryyAjsfl86uSlQ/:muAW2QK518bry5UuSlc
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks for common network interception software
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VirtualBox drivers on disk
-
ModiLoader Second Stage
-
Adds policy Run key to start application
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-