General
-
Target
6bf70f86f383ccb5b95d6ad30069a14e76cd8c40910b7e57093fc4d2296ef7b9
-
Size
1.3MB
-
Sample
221129-j3c2babc54
-
MD5
4ea4b38cca339739e28e5021517dd0e4
-
SHA1
03dfb91f6c383191c943ff9789b4691edefd563f
-
SHA256
6bf70f86f383ccb5b95d6ad30069a14e76cd8c40910b7e57093fc4d2296ef7b9
-
SHA512
95754b2eb9fb11a731c2e736afad9c21eeaee87463406006ef4a4d130446d5a53b5ee361a69b609df54104cd6d4a7c78975f5a70d23d51fb666cbea443471c40
-
SSDEEP
24576:me7J0+7Vhd84h7Yif6QIMgwAOdo0HKI3R1roMgSmzLfA4VVRlpRx+s4aN:meV0+7NP911I7wRnOj3pRx1x
Malware Config
Targets
-
-
Target
6bf70f86f383ccb5b95d6ad30069a14e76cd8c40910b7e57093fc4d2296ef7b9
-
Size
1.3MB
-
MD5
4ea4b38cca339739e28e5021517dd0e4
-
SHA1
03dfb91f6c383191c943ff9789b4691edefd563f
-
SHA256
6bf70f86f383ccb5b95d6ad30069a14e76cd8c40910b7e57093fc4d2296ef7b9
-
SHA512
95754b2eb9fb11a731c2e736afad9c21eeaee87463406006ef4a4d130446d5a53b5ee361a69b609df54104cd6d4a7c78975f5a70d23d51fb666cbea443471c40
-
SSDEEP
24576:me7J0+7Vhd84h7Yif6QIMgwAOdo0HKI3R1roMgSmzLfA4VVRlpRx+s4aN:meV0+7NP911I7wRnOj3pRx1x
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
UAC bypass
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Deletes itself
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-