General
-
Target
b7381eb5843fe3628b1f24e624d8f41bcc2689799843a344f338e45902ccee94
-
Size
438KB
-
Sample
221130-avbnvafe9s
-
MD5
b9c9d8a0f99d7a0df02ea45e5756a637
-
SHA1
7c31f243c91fd6b041aa1b21601492ad8f058aae
-
SHA256
b7381eb5843fe3628b1f24e624d8f41bcc2689799843a344f338e45902ccee94
-
SHA512
d15e2be208eb2643d728758a33ab3add1a5fc0efaa2da364759aa129007aa6ef482bc3d5ff590c6c1cbf5c83e6e62928033f2160a93f1bb7afe0f194b5e88900
-
SSDEEP
6144:k93nSO2GjZkD10BIY3rb1YfBdfpoZ3u/Ht52w6JSeiFPXo7ILy84uc:Enx2GjMY3XKfd/H/9Pm8+uc
Behavioral task
behavioral1
Sample
b7381eb5843fe3628b1f24e624d8f41bcc2689799843a344f338e45902ccee94.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
b7381eb5843fe3628b1f24e624d8f41bcc2689799843a344f338e45902ccee94.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
b7381eb5843fe3628b1f24e624d8f41bcc2689799843a344f338e45902ccee94
-
Size
438KB
-
MD5
b9c9d8a0f99d7a0df02ea45e5756a637
-
SHA1
7c31f243c91fd6b041aa1b21601492ad8f058aae
-
SHA256
b7381eb5843fe3628b1f24e624d8f41bcc2689799843a344f338e45902ccee94
-
SHA512
d15e2be208eb2643d728758a33ab3add1a5fc0efaa2da364759aa129007aa6ef482bc3d5ff590c6c1cbf5c83e6e62928033f2160a93f1bb7afe0f194b5e88900
-
SSDEEP
6144:k93nSO2GjZkD10BIY3rb1YfBdfpoZ3u/Ht52w6JSeiFPXo7ILy84uc:Enx2GjMY3XKfd/H/9Pm8+uc
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-