General
-
Target
83b81e68569b4eae59f528ee34468a36bb732f0d99e1132bad3ef036eefee07d
-
Size
563KB
-
Sample
221201-ch1tbaec68
-
MD5
8967491536d2c1e33c1fe73073a1b34d
-
SHA1
5306b08beab7e5c3affe25c11f443a78ce072427
-
SHA256
83b81e68569b4eae59f528ee34468a36bb732f0d99e1132bad3ef036eefee07d
-
SHA512
385ede0f4de0f3e227bc6bc5a82cf83ad26b16c61e10b57461a6ec9e9f4ce015b77e6bba0727b44f64f47905ea4152aa1a57d068d39a4c29c816a94da23cc369
-
SSDEEP
12288:nPvrubMKEHV+d0ktHzLCgzgV3cWVj2urzNY:PvrubSHoOktXhzJgHm
Malware Config
Targets
-
-
Target
83b81e68569b4eae59f528ee34468a36bb732f0d99e1132bad3ef036eefee07d
-
Size
563KB
-
MD5
8967491536d2c1e33c1fe73073a1b34d
-
SHA1
5306b08beab7e5c3affe25c11f443a78ce072427
-
SHA256
83b81e68569b4eae59f528ee34468a36bb732f0d99e1132bad3ef036eefee07d
-
SHA512
385ede0f4de0f3e227bc6bc5a82cf83ad26b16c61e10b57461a6ec9e9f4ce015b77e6bba0727b44f64f47905ea4152aa1a57d068d39a4c29c816a94da23cc369
-
SSDEEP
12288:nPvrubMKEHV+d0ktHzLCgzgV3cWVj2urzNY:PvrubSHoOktXhzJgHm
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Suspicious use of SetThreadContext
-