General

Target: fed74fd902778dd9263ec46c97192a4d0238afd343b2c73b43bed3b309df55b7
Size: 2.6MB
Sample: 221128-mfbrhsbf5t
MD5: e72aaafff683d056502cc68ab1333deb
SHA1: 934deb70f68a11e75985933a8a449fb4a8269dc4
SHA256: fed74fd902778dd9263ec46c97192a4d0238afd343b2c73b43bed3b309df55b7
SHA512: 101d7c33bad59ce83b5d372e013fc838f1b6c33e96d94b22bcf499ef6a3a6277f2ec86d864d5d6ac7edfa1e6dee83a0e7dfc4a277b7e63546c7899585d5a29f2
SSDEEP: 49152:SJZoQrbTFZY1iazcBXcmdxoNmiHFNWt7jAui5Uj2MNo:StrbTA1Eo
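The digests above are the report's file-level indicators. As an added example (not code from the sandbox or from the report), the following Python computes the same four digests for a file in streaming fashion and reports which of the report's values match. The `b"abc"` input used when run stand-alone is a constructed stand-in for the sample, which is not included here. Note that exact digests only match this specific build; a repacked variant will miss on all four, which is why the report also carries an SSDEEP fuzzy hash (comparing that needs the non-stdlib `ssdeep` module and is not shown).

```python
"""Check a file against the MD5/SHA1/SHA256/SHA512 values listed in the report.

Added example; the digests in REPORT_IOCS are copied from the General section
above, everything else is illustrative.
"""
import hashlib
from typing import Dict, List, Mapping

# Values taken verbatim from the report's General section.
REPORT_IOCS: Dict[str, str] = {
    "md5": "e72aaafff683d056502cc68ab1333deb",
    "sha1": "934deb70f68a11e75985933a8a449fb4a8269dc4",
    "sha256": "fed74fd902778dd9263ec46c97192a4d0238afd343b2c73b43bed3b309df55b7",
    "sha512": (
        "101d7c33bad59ce83b5d372e013fc838f1b6c33e96d94b22bcf499ef6a3a6277"
        "f2ec86d864d5d6ac7edfa1e6dee83a0e7dfc4a277b7e63546c7899585d5a29f2"
    ),
}


def digests_of_bytes(data: bytes) -> Dict[str, str]:
    """Hex digests of an in-memory buffer for every algorithm in REPORT_IOCS."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_IOCS}


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Same as digests_of_bytes but streams the file, so a 2.6MB (or 2.6GB) sample
    is hashed in one pass without being loaded into memory."""
    hashers = {alg: hashlib.new(alg) for alg in REPORT_IOCS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_iocs(digests: Mapping[str, str], iocs: Mapping[str, str] = REPORT_IOCS) -> List[str]:
    """Names of the algorithms whose computed digest equals the report's value.

    Comparison is case-insensitive because indicators are often pasted in upper case.
    """
    return [
        alg for alg, value in digests.items()
        if alg in iocs and iocs[alg].lower() == value.lower()
    ]


if __name__ == "__main__":
    # Constructed stand-in input; the real sample is not included here.
    computed = digests_of_bytes(b"abc")
    for alg, value in computed.items():
        print(f"{alg:7s} {value}")
    print("matching report indicators:", match_iocs(computed) or "none")
```

To use it against a real file, call `match_iocs(digests_of_file(path))`; a non-empty list means the file is byte-identical to the analysed sample.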
Static task
static1

Behavioral task
behavioral1
Sample: fed74fd902778dd9263ec46c97192a4d0238afd343b2c73b43bed3b309df55b7.exe
Resource: win7-20220812-en

Behavioral task
behavioral2
Sample: fed74fd902778dd9263ec46c97192a4d0238afd343b2c73b43bed3b309df55b7.exe
Resource: win10v2004-20220812-en
Malware Config

Targets

Target: fed74fd902778dd9263ec46c97192a4d0238afd343b2c73b43bed3b309df55b7
Size: 2.6MB (MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Score: 10/10

Family: ModiLoader (also tracked as DBatLoader)
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

Signatures:
- Modifies WinLogon for persistence (Winlogon registry values, typically Shell or Userinit, are changed so the payload starts at logon)
- ModiLoader Second Stage
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Drops desktop.ini file(s)
- AutoIT Executable: AutoIT scripts compiled to PE executables
- Suspicious use of SetThreadContext (a thread-context rewrite is the primitive used for process hollowing and thread hijacking; taken with the dropped-EXE execution above, it points to injection into another process)