General
- Target: 1707785106445bf2739a351ab8d200015920752c2de957d950599a71d463c6f2
- Size: 1.1MB
- Sample: 221124-eaw69sac4t
- MD5: a87e39a2994260ace4ff450bc209eaa8
- SHA1: a6772a1894a70969764e56f7575d838980ccd33b
- SHA256: 1707785106445bf2739a351ab8d200015920752c2de957d950599a71d463c6f2
- SHA512: 00f2ad75748dbf63e952c80c0e3140bf251c9b9e8e72b508b9ffdd9602ee3c499860866da73b677ab76005d7556684f217ba39b1fa94e4baee15adb4e67a1a0e
- SSDEEP: 24576:fOdeuxwMYxd+LZNUVwTgSluLV8+rfibJ4G8Jxxk+X0o4C4HMirof:mdpxlYxYUwgssZfA4G8JxxGF
Static task: static1
Behavioral task: behavioral1
- Sample: 1707785106445bf2739a351ab8d200015920752c2de957d950599a71d463c6f2.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 1707785106445bf2739a351ab8d200015920752c2de957d950599a71d463c6f2.exe
- Resource: win10v2004-20221111-en
Malware Config
Targets
- Target: 1707785106445bf2739a351ab8d200015920752c2de957d950599a71d463c6f2
- Score: 10/10
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- ModiLoader Second Stage
- Executes dropped EXE
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger