General
-
Target
e7dbd88d9418bbca96ec30cbbcbea00d4bfb8167aa5aea89238bc02515c1c37d
-
Size
369KB
-
Sample
221125-27z1radh34
-
MD5
c95c9df728cd99404baab9f421f85a1c
-
SHA1
92503a94d7581579cffcc18646477d448a8069a6
-
SHA256
e7dbd88d9418bbca96ec30cbbcbea00d4bfb8167aa5aea89238bc02515c1c37d
-
SHA512
6e8777c8a70622931e3762d98fdd0d98362ba1f30121e189607069b0fa1f78a28b8baa139d7708d37377dad089d171bdd9f11b83ff17a4077e7bf7e1a2589383
-
SSDEEP
6144:8pctq7HVo8zQSfzIHmherAqH3qG+CAA3YNufb17JGn:8pgw1oRaEiIRH3jXp3YchFM
Malware Config
Targets
-
-
Target
e7dbd88d9418bbca96ec30cbbcbea00d4bfb8167aa5aea89238bc02515c1c37d
-
Size
369KB
-
MD5
c95c9df728cd99404baab9f421f85a1c
-
SHA1
92503a94d7581579cffcc18646477d448a8069a6
-
SHA256
e7dbd88d9418bbca96ec30cbbcbea00d4bfb8167aa5aea89238bc02515c1c37d
-
SHA512
6e8777c8a70622931e3762d98fdd0d98362ba1f30121e189607069b0fa1f78a28b8baa139d7708d37377dad089d171bdd9f11b83ff17a4077e7bf7e1a2589383
-
SSDEEP
6144:8pctq7HVo8zQSfzIHmherAqH3qG+CAA3YNufb17JGn:8pgw1oRaEiIRH3jXp3YchFM
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Looks for VirtualBox Guest Additions in registry
-
ModiLoader Second Stage
-
Adds policy Run key to start application
-
Disables use of System Restore points
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-