General
-
Target
c777dae8bee8118188a9f18f9ba52d0abf2fc80c9778693da9bf8604e294825d
-
Size
283KB
-
Sample
221201-hw41saed37
-
MD5
7943a46ab1243cc8394c7775e146c49f
-
SHA1
1f857414200148c9bd6f989bde907dae6a1f25ef
-
SHA256
c777dae8bee8118188a9f18f9ba52d0abf2fc80c9778693da9bf8604e294825d
-
SHA512
03983df2b5d8b40d727d9dc449f1299c3a8fcf811ae3353324f48333abf20d51fb678c17bccf959f9a825d4b723e064ab21aecdcca07f9645c6c9065c86950dc
-
SSDEEP
6144:BRTk/YcJpM4Vf90WGsEMA6dw53O80/E3qsL/Ohi7Jh0zj+kdTx89B3x:BR8hJpM4VfnEMA2qO80c3qD+Y+9xx
Malware Config
Targets
-
-
Target
c777dae8bee8118188a9f18f9ba52d0abf2fc80c9778693da9bf8604e294825d
-
Size
283KB
-
MD5
7943a46ab1243cc8394c7775e146c49f
-
SHA1
1f857414200148c9bd6f989bde907dae6a1f25ef
-
SHA256
c777dae8bee8118188a9f18f9ba52d0abf2fc80c9778693da9bf8604e294825d
-
SHA512
03983df2b5d8b40d727d9dc449f1299c3a8fcf811ae3353324f48333abf20d51fb678c17bccf959f9a825d4b723e064ab21aecdcca07f9645c6c9065c86950dc
-
SSDEEP
6144:BRTk/YcJpM4Vf90WGsEMA6dw53O80/E3qsL/Ohi7Jh0zj+kdTx89B3x:BR8hJpM4VfnEMA2qO80c3qD+Y+9xx
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-