General
-
Target
fc4b58860f4181cd9851bf66a4ebfcee69fa0bf39cab94faba76f3057a0e3201
-
Size
719KB
-
Sample
221123-ww7cssdb68
-
MD5
1728d2b90576852cde01e332e2bbf554
-
SHA1
ce7d4faf8076652a432b494094563af49657bbc0
-
SHA256
fc4b58860f4181cd9851bf66a4ebfcee69fa0bf39cab94faba76f3057a0e3201
-
SHA512
90070e7f4591c65ad33e6d64deb9b1ff4039ae1ac0777230869ffbd33ef4b3e5327b97c0bd6112f142aa6ee053910bfbafb952d7ecf28cced4ee41553fb12b03
-
SSDEEP
12288:6XgPVmsO7H+JeYkZQors8sEyMGXxewlX4EEPSwDfAmgBJbf8AwnBrRm8dZ/X:AoZ3J78GVX4bEmCb+rRvZ/X
Malware Config
Targets
-
-
Target
fc4b58860f4181cd9851bf66a4ebfcee69fa0bf39cab94faba76f3057a0e3201
-
Size
719KB
-
MD5
1728d2b90576852cde01e332e2bbf554
-
SHA1
ce7d4faf8076652a432b494094563af49657bbc0
-
SHA256
fc4b58860f4181cd9851bf66a4ebfcee69fa0bf39cab94faba76f3057a0e3201
-
SHA512
90070e7f4591c65ad33e6d64deb9b1ff4039ae1ac0777230869ffbd33ef4b3e5327b97c0bd6112f142aa6ee053910bfbafb952d7ecf28cced4ee41553fb12b03
-
SSDEEP
12288:6XgPVmsO7H+JeYkZQors8sEyMGXxewlX4EEPSwDfAmgBJbf8AwnBrRm8dZ/X:AoZ3J78GVX4bEmCb+rRvZ/X
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modifies visiblity of hidden/system files in Explorer
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-