General
-
Target
f88fefd59092f98fc9c1faa086491387658e7e4723f9f18d6003f566f59e318e
-
Size
333KB
-
Sample
221126-lzmgpaca3x
-
MD5
70d906924e1337af1dd2cbf6dd5a2c1c
-
SHA1
337d666e42b096e568d19a7fa07e72e21673c82a
-
SHA256
f88fefd59092f98fc9c1faa086491387658e7e4723f9f18d6003f566f59e318e
-
SHA512
301f54230277d4c61ddfbdaeec7b5d01ee6a0d307db00b3291d1eabfb4a76271751d6da065e7033a6dc1b54a2f6ccfda0b8875dcb9dd82d018a47384b54888ed
-
SSDEEP
6144:81ZCtmXDnNp6d77/yXu5pNCpZhb1oHT3j6YW:MZCtEDn+d776INC3hbEo
Malware Config
Targets
-
-
Target
f88fefd59092f98fc9c1faa086491387658e7e4723f9f18d6003f566f59e318e
-
Size
333KB
-
MD5
70d906924e1337af1dd2cbf6dd5a2c1c
-
SHA1
337d666e42b096e568d19a7fa07e72e21673c82a
-
SHA256
f88fefd59092f98fc9c1faa086491387658e7e4723f9f18d6003f566f59e318e
-
SHA512
301f54230277d4c61ddfbdaeec7b5d01ee6a0d307db00b3291d1eabfb4a76271751d6da065e7033a6dc1b54a2f6ccfda0b8875dcb9dd82d018a47384b54888ed
-
SSDEEP
6144:81ZCtmXDnNp6d77/yXu5pNCpZhb1oHT3j6YW:MZCtEDn+d776INC3hbEo
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Looks for VirtualBox Guest Additions in registry
-
ModiLoader Second Stage
-
Adds policy Run key to start application
-
Disables use of System Restore points
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-