General

Target: 0daa4e99549daf20669550eb3a24ecccee96e47e109e56e8f188e709175e27dc
Size: 369KB
Sample: 221128-wpthcsac91
MD5: 74ceedc762fbfd967bacd2790bf2d63f
SHA1: ce95e3244367fa42c588090b647c41b9e4f32edf
SHA256: 0daa4e99549daf20669550eb3a24ecccee96e47e109e56e8f188e709175e27dc
SHA512: ca84cbb03c9b0496c0a5d302444cbfd41f6ee06e9bdb34719b74c265cf611049cdcaea3085ef374e753937767f7137cf085b1315010c7b0b7ddbbeafcd897c8b
SSDEEP: 6144:8pctq7HVo8zQSfzIHmherAqH3qG+CAA3YNufb17JGc:8pgw1oRaEiIRH3jXp3YchFX
Static task: static1

Behavioral task: behavioral1
Sample: 0daa4e99549daf20669550eb3a24ecccee96e47e109e56e8f188e709175e27dc.exe
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: 0daa4e99549daf20669550eb3a24ecccee96e47e109e56e8f188e709175e27dc.exe
Resource: win10v2004-20220901-en
Malware Config

Targets

Target: 0daa4e99549daf20669550eb3a24ecccee96e47e109e56e8f188e709175e27dc
Size: 369KB
MD5: 74ceedc762fbfd967bacd2790bf2d63f
SHA1: ce95e3244367fa42c588090b647c41b9e4f32edf
SHA256: 0daa4e99549daf20669550eb3a24ecccee96e47e109e56e8f188e709175e27dc
SHA512: ca84cbb03c9b0496c0a5d302444cbfd41f6ee06e9bdb34719b74c265cf611049cdcaea3085ef374e753937767f7137cf085b1315010c7b0b7ddbbeafcd897c8b
SSDEEP: 6144:8pctq7HVo8zQSfzIHmherAqH3qG+CAA3YNufb17JGc:8pgw1oRaEiIRH3jXp3YchFX
Score: 10/10
Signatures

- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Looks for VirtualBox Guest Additions in registry
- ModiLoader Second Stage
- Adds policy Run key to start application
- Disables use of System Restore points
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.