General
-
Target
85624e0d5a89ab0739e9cb39decd5f3f5fd26c2f15149da0e672a366ae061a47
-
Size
1.6MB
-
Sample
221129-1kxfnsae58
-
MD5
942349cff1a0505c8ef3708501a60782
-
SHA1
f01393d5fea6bb558fc8f61e57d2bda40900e620
-
SHA256
85624e0d5a89ab0739e9cb39decd5f3f5fd26c2f15149da0e672a366ae061a47
-
SHA512
dac97e3f33cba3d8e59f468a7c2efcb2d9333aa768b6890197462abc2b2a5f3f32438a56a291eef37e1b72f1f347e7a65c4bb3ea158c0813cae7b38bd5c8ebcc
-
SSDEEP
24576:HRGz8Y8HxaDEOSZBacOjVnqoNvKBytXl20Tbs2TXPRG22:H+QQDEzZB/OjpP1FTb5DM
Malware Config
Targets
-
-
Target
85624e0d5a89ab0739e9cb39decd5f3f5fd26c2f15149da0e672a366ae061a47
-
Size
1.6MB
-
MD5
942349cff1a0505c8ef3708501a60782
-
SHA1
f01393d5fea6bb558fc8f61e57d2bda40900e620
-
SHA256
85624e0d5a89ab0739e9cb39decd5f3f5fd26c2f15149da0e672a366ae061a47
-
SHA512
dac97e3f33cba3d8e59f468a7c2efcb2d9333aa768b6890197462abc2b2a5f3f32438a56a291eef37e1b72f1f347e7a65c4bb3ea158c0813cae7b38bd5c8ebcc
-
SSDEEP
24576:HRGz8Y8HxaDEOSZBacOjVnqoNvKBytXl20Tbs2TXPRG22:H+QQDEzZB/OjpP1FTb5DM
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
UAC bypass
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-