General
-
Target
8115e18d02be9dd0ba8c7c647b8c45ca6dbb4500049dc0f676042ccd9c9fe91b
-
Size
654KB
-
Sample
221201-cv4qqsfd35
-
MD5
c829022a74d194bd7a0f9bc2e53e239a
-
SHA1
bd423410738d401e105b77a0e3ae6442cb5315dd
-
SHA256
8115e18d02be9dd0ba8c7c647b8c45ca6dbb4500049dc0f676042ccd9c9fe91b
-
SHA512
5498f8480f0e6ebfd0b9f9a6156eddcf6ed9c2f39b09711e1006deb21d67a9b73fdeb42f285fd193c6f1e83e7aaad312b61f24be3840ab7c9fa08aa439d4fab9
-
SSDEEP
12288:QbMq2cN6ukMTPxPvtQ50Jtaf0SE+0oQrmOS14uV6PSqAm7xUCTSl:QIqxkMT1O50vafhE+0owc4x6qA+xdm
Behavioral task
behavioral1
Sample
8115e18d02be9dd0ba8c7c647b8c45ca6dbb4500049dc0f676042ccd9c9fe91b.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
8115e18d02be9dd0ba8c7c647b8c45ca6dbb4500049dc0f676042ccd9c9fe91b.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
8115e18d02be9dd0ba8c7c647b8c45ca6dbb4500049dc0f676042ccd9c9fe91b
-
Size
654KB
-
MD5
c829022a74d194bd7a0f9bc2e53e239a
-
SHA1
bd423410738d401e105b77a0e3ae6442cb5315dd
-
SHA256
8115e18d02be9dd0ba8c7c647b8c45ca6dbb4500049dc0f676042ccd9c9fe91b
-
SHA512
5498f8480f0e6ebfd0b9f9a6156eddcf6ed9c2f39b09711e1006deb21d67a9b73fdeb42f285fd193c6f1e83e7aaad312b61f24be3840ab7c9fa08aa439d4fab9
-
SSDEEP
12288:QbMq2cN6ukMTPxPvtQ50Jtaf0SE+0oQrmOS14uV6PSqAm7xUCTSl:QIqxkMT1O50vafhE+0owc4x6qA+xdm
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modifies visiblity of hidden/system files in Explorer
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-