General
Target: 27c990c2ee6c6957d5c786f689550b4de9c347bbd0199ce912fc3690840dbb2a
Size: 719KB
Sample: 221128-chal5abf81
MD5: 464ca089eccd83089522c185e91ac684
SHA1: fdb713bc5374e827cde829fc7e1b668b331a0f71
SHA256: 27c990c2ee6c6957d5c786f689550b4de9c347bbd0199ce912fc3690840dbb2a
SHA512: 464d34be801692530ffac2c3af1f9e029fe711bf63352fe9a6d3472b5d8ff57417178397230b29f7f8cbcb993fdaa9d35c28235ce4e314427b2917cf990e88fb
SSDEEP: 12288:6XgPVmsO7H+JeYkZQors8sEyMGXxe2lX4EEPSwDfAmgBJbf8AwnBrRm8dZ/X:AoZ3J78GTX4bEmCb+rRvZ/X
Static task: static1
Behavioral task: behavioral1
  Sample: 27c990c2ee6c6957d5c786f689550b4de9c347bbd0199ce912fc3690840dbb2a.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 27c990c2ee6c6957d5c786f689550b4de9c347bbd0199ce912fc3690840dbb2a.exe
  Resource: win10v2004-20220812-en
Malware Config
Targets
Target: 27c990c2ee6c6957d5c786f689550b4de9c347bbd0199ce912fc3690840dbb2a (719KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Modifies visibility of hidden/system files in Explorer
- ModiLoader Second Stage
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of SetThreadContext