General
-
Target
9cef1abb5b1c8cb9c46aacce924a581e5f6f22f6a94d40909c0d724de27a2a80
-
Size
487KB
-
Sample
221203-t4zxksbf7t
-
MD5
f3c99f387838d9b8ec318a42fc74182e
-
SHA1
4479698bfc9e884f833e4e4dad6dbf9d20832c55
-
SHA256
9cef1abb5b1c8cb9c46aacce924a581e5f6f22f6a94d40909c0d724de27a2a80
-
SHA512
933e9227ce53e38034301ab4c8c4794190c0c567bbce64a5c8ff88a172f3a954950d2123ba30754a61e4d3a7a3e55f891565d78e4268e8842c3c8dce62d063f0
-
SSDEEP
6144:80nDtmLMjvgmt2ojZ/BU8XLMmruOClyg1ukZ/A8BO0/4NuwE1pfiWagW:8ZLa2I/PX7ruOCljsKAJ0AkkKW
Malware Config
Targets
-
-
Target
9cef1abb5b1c8cb9c46aacce924a581e5f6f22f6a94d40909c0d724de27a2a80
-
Size
487KB
-
MD5
f3c99f387838d9b8ec318a42fc74182e
-
SHA1
4479698bfc9e884f833e4e4dad6dbf9d20832c55
-
SHA256
9cef1abb5b1c8cb9c46aacce924a581e5f6f22f6a94d40909c0d724de27a2a80
-
SHA512
933e9227ce53e38034301ab4c8c4794190c0c567bbce64a5c8ff88a172f3a954950d2123ba30754a61e4d3a7a3e55f891565d78e4268e8842c3c8dce62d063f0
-
SSDEEP
6144:80nDtmLMjvgmt2ojZ/BU8XLMmruOClyg1ukZ/A8BO0/4NuwE1pfiWagW:8ZLa2I/PX7ruOCljsKAJ0AkkKW
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-