General
Target: 32d2b33067419d6dab4410e787f3f886de2b7571017879fe7280e11cf3455c7e
Size: 685KB
Sample: 221126-zc8cjafh5t
MD5: ac4959f40f22a11ee528ef90e22db442
SHA1: e20043be99033f6d47b18393f67ac8753427ed5d
SHA256: 32d2b33067419d6dab4410e787f3f886de2b7571017879fe7280e11cf3455c7e
SHA512: 12c824f695f01d6fd227d1c087ca5494ea190f7c30c3e668b8c2705e39c4ce123dc7c12a5e0bd672f85a6e1edc4fd775ee41379d7f0416a3d708e64188794848
SSDEEP: 12288:+F6kN+Db1SIsf8rG8fv+epDbyk0nLi1fxIBxixny:+F6kcnUIA8rvv+cPyk0nG5OYy
Static task: static1
Behavioral task: behavioral1
  Sample: 32d2b33067419d6dab4410e787f3f886de2b7571017879fe7280e11cf3455c7e.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 32d2b33067419d6dab4410e787f3f886de2b7571017879fe7280e11cf3455c7e.exe
  Resource: win10v2004-20221111-en
Malware Config
Targets
Score: 10/10
Family: ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
Signatures:
- ModiLoader Second Stage
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext