General
-
Target
8b98cf043c6e4bca4d3bb3d29bf69e4ecf6ae65ea8fdb96743015a7169a9e3ab
-
Size
152KB
-
Sample
221129-xwn2wsbe5y
-
MD5
6a84ec274e8595f449d95f02e0fdb273
-
SHA1
1a1c5a0ddda2e647f001abe03c6e39c68a722f06
-
SHA256
8b98cf043c6e4bca4d3bb3d29bf69e4ecf6ae65ea8fdb96743015a7169a9e3ab
-
SHA512
a9ed4eb75a4e9996b538dc9527f75b0964318c513f43b6763bb1904263c26efb59a18712731d8138b9fa09c9380f84715db8c54acbc3748b8f71e1e2cc8a77f2
-
SSDEEP
3072:Q8tzAqPq2m2GHL84cjsgXD8cwgOcBFEiawf9EiBNrmB+0b0vCp42FwQYnqZPSAaZ:Q5Gom3O1XYqNMQ
Malware Config
Targets
-
-
Target
8b98cf043c6e4bca4d3bb3d29bf69e4ecf6ae65ea8fdb96743015a7169a9e3ab
-
Size
152KB
-
MD5
6a84ec274e8595f449d95f02e0fdb273
-
SHA1
1a1c5a0ddda2e647f001abe03c6e39c68a722f06
-
SHA256
8b98cf043c6e4bca4d3bb3d29bf69e4ecf6ae65ea8fdb96743015a7169a9e3ab
-
SHA512
a9ed4eb75a4e9996b538dc9527f75b0964318c513f43b6763bb1904263c26efb59a18712731d8138b9fa09c9380f84715db8c54acbc3748b8f71e1e2cc8a77f2
-
SSDEEP
3072:Q8tzAqPq2m2GHL84cjsgXD8cwgOcBFEiawf9EiBNrmB+0b0vCp42FwQYnqZPSAaZ:Q5Gom3O1XYqNMQ
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modifies WinLogon for persistence
-
ModiLoader Second Stage
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-