General
-
Target
bc9c7c554efe81bd2e75598bc36a8bd7a68a72fca81d0ebb838a6a0095138ab5
-
Size
354KB
-
Sample
221127-1gfnraeg5z
-
MD5
58b57483e9c5a220be4dc32819e13798
-
SHA1
91fddbbc9465cb6030e07fe5a2e9d4de84c19f66
-
SHA256
bc9c7c554efe81bd2e75598bc36a8bd7a68a72fca81d0ebb838a6a0095138ab5
-
SHA512
b82ee95de12273a5b4a19cec7455a527353405b1a18bf3e0731e2434b349ec70ffe261c19d6d126b5912d5de0978ea01789798ce0f69cf39c79211fc0dedc49d
-
SSDEEP
6144:XNz4CVrWpkt9NLUP4mGc8AsODbAoO2g+qCzvZtinEvzuM+IL2r:V4mIktrgP2cYQA52CC9tfvCM+h
Static task
static1
Behavioral task
behavioral1
Sample
bc9c7c554efe81bd2e75598bc36a8bd7a68a72fca81d0ebb838a6a0095138ab5.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
bc9c7c554efe81bd2e75598bc36a8bd7a68a72fca81d0ebb838a6a0095138ab5.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
bc9c7c554efe81bd2e75598bc36a8bd7a68a72fca81d0ebb838a6a0095138ab5
-
Size
354KB
-
MD5
58b57483e9c5a220be4dc32819e13798
-
SHA1
91fddbbc9465cb6030e07fe5a2e9d4de84c19f66
-
SHA256
bc9c7c554efe81bd2e75598bc36a8bd7a68a72fca81d0ebb838a6a0095138ab5
-
SHA512
b82ee95de12273a5b4a19cec7455a527353405b1a18bf3e0731e2434b349ec70ffe261c19d6d126b5912d5de0978ea01789798ce0f69cf39c79211fc0dedc49d
-
SSDEEP
6144:XNz4CVrWpkt9NLUP4mGc8AsODbAoO2g+qCzvZtinEvzuM+IL2r:V4mIktrgP2cYQA52CC9tfvCM+h
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Checks for common network interception software
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
-
Looks for VirtualBox Guest Additions in registry
-
ModiLoader Second Stage
-
Adds policy Run key to start application
-
Disables use of System Restore points
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-