General
-
Target
886aaf6054c23d24195e22b0859d5cd7d85f84ec8b62667752e2d3a7e3d35101
-
Size
2.6MB
-
Sample
221201-by969aga4s
-
MD5
d01690b14af545e3baece0e3d0844b81
-
SHA1
2a9cccbf6316fc8fe01901b9b8a4c88df903fc83
-
SHA256
886aaf6054c23d24195e22b0859d5cd7d85f84ec8b62667752e2d3a7e3d35101
-
SHA512
63f13b6ad32df05a87ed184563ccc67c4527485afddf078ee956d7168f09bb1df5b876d369537bada4df38990f03a0d8bca346e623eae1400381d275b85a3260
-
SSDEEP
49152:656hUFMwpAE2pK2F9y/hX5r+UOb9bg3Esm8RUNh193TmIewXi9r1+3xX991c8kMw:o6h3wpWFE/hVkRg3DmD193Iw2peHk3
Malware Config
Targets
-
-
Target
886aaf6054c23d24195e22b0859d5cd7d85f84ec8b62667752e2d3a7e3d35101
-
Size
2.6MB
-
MD5
d01690b14af545e3baece0e3d0844b81
-
SHA1
2a9cccbf6316fc8fe01901b9b8a4c88df903fc83
-
SHA256
886aaf6054c23d24195e22b0859d5cd7d85f84ec8b62667752e2d3a7e3d35101
-
SHA512
63f13b6ad32df05a87ed184563ccc67c4527485afddf078ee956d7168f09bb1df5b876d369537bada4df38990f03a0d8bca346e623eae1400381d275b85a3260
-
SSDEEP
49152:656hUFMwpAE2pK2F9y/hX5r+UOb9bg3Esm8RUNh193TmIewXi9r1+3xX991c8kMw:o6h3wpWFE/hVkRg3DmD193Iw2peHk3
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-