General
-
Target
0f92eae790fce354b6f7f4ddc2dd948110bd9d7f75bf137797ed1d7057ca8653
-
Size
767KB
-
Sample
221021-gelmfaebbm
-
MD5
127dae08f6eb3ed6ad048658d2bf0b83
-
SHA1
1f2136a8f880225f5dbab0a947846e69eac19dfd
-
SHA256
0f92eae790fce354b6f7f4ddc2dd948110bd9d7f75bf137797ed1d7057ca8653
-
SHA512
7dd7cd4670b2c18de2c254b1b05ee952623f2a14063e8a46ac8cafc92d5f9522d97882181f2665032aa18539090f24cf9a86acac46a4ae1e168aec91fe1dd7f8
-
SSDEEP
12288:QaANTNd2QMMmhtpQVnlrKzFPJYJ0Ze3MNxlpCtdRHY1dlLKhAFOijNbsPtwown7T:iNT72QMMErKFoPuoeO2RHaTKKOaNbeab
Malware Config
Targets
-
-
Target
0f92eae790fce354b6f7f4ddc2dd948110bd9d7f75bf137797ed1d7057ca8653
-
Size
767KB
-
MD5
127dae08f6eb3ed6ad048658d2bf0b83
-
SHA1
1f2136a8f880225f5dbab0a947846e69eac19dfd
-
SHA256
0f92eae790fce354b6f7f4ddc2dd948110bd9d7f75bf137797ed1d7057ca8653
-
SHA512
7dd7cd4670b2c18de2c254b1b05ee952623f2a14063e8a46ac8cafc92d5f9522d97882181f2665032aa18539090f24cf9a86acac46a4ae1e168aec91fe1dd7f8
-
SSDEEP
12288:QaANTNd2QMMmhtpQVnlrKzFPJYJ0Ze3MNxlpCtdRHY1dlLKhAFOijNbsPtwown7T:iNT72QMMErKFoPuoeO2RHaTKKOaNbeab
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
UAC bypass
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Deletes itself
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-