General
-
Target
7438e8bc6c673899bb69e10b72d9bad9ae78267ec4722a8ad7f55c8dc4ac6b80
-
Size
719KB
-
Sample
221123-xelv7seg49
-
MD5
5570f797cf9f931942975f8de5c2e6cd
-
SHA1
e7c17be2bd250bbfa925fc1c7446b80b08e88e08
-
SHA256
7438e8bc6c673899bb69e10b72d9bad9ae78267ec4722a8ad7f55c8dc4ac6b80
-
SHA512
c4694fca3cb9c8a6bbcd2cb8a52304e9f74cb91b9a74f7d6be77be5965ee77788e89e537e03eebc5865fe3313ce5c7697133873ef95afa72c19f8a797e863142
-
SSDEEP
12288:6XgPVmsO7H+JeYkZQors8sEyMGXxeKlX4EEPSwDfAmgBJbf8AwnBrRm8dZ/X:AoZ3J78GLX4bEmCb+rRvZ/X
Static task
static1
Behavioral task
behavioral1
Sample
7438e8bc6c673899bb69e10b72d9bad9ae78267ec4722a8ad7f55c8dc4ac6b80.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
7438e8bc6c673899bb69e10b72d9bad9ae78267ec4722a8ad7f55c8dc4ac6b80.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
7438e8bc6c673899bb69e10b72d9bad9ae78267ec4722a8ad7f55c8dc4ac6b80
-
Size
719KB
-
MD5
5570f797cf9f931942975f8de5c2e6cd
-
SHA1
e7c17be2bd250bbfa925fc1c7446b80b08e88e08
-
SHA256
7438e8bc6c673899bb69e10b72d9bad9ae78267ec4722a8ad7f55c8dc4ac6b80
-
SHA512
c4694fca3cb9c8a6bbcd2cb8a52304e9f74cb91b9a74f7d6be77be5965ee77788e89e537e03eebc5865fe3313ce5c7697133873ef95afa72c19f8a797e863142
-
SSDEEP
12288:6XgPVmsO7H+JeYkZQors8sEyMGXxeKlX4EEPSwDfAmgBJbf8AwnBrRm8dZ/X:AoZ3J78GLX4bEmCb+rRvZ/X
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modifies visiblity of hidden/system files in Explorer
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-