General
-
Target
d08fba23a49c10035dc265ea0223875423d433985c4db39cad367592252f1979
-
Size
441KB
-
Sample
221206-t5ctfaec33
-
MD5
215ef1572300670780bf245508ba0114
-
SHA1
6782c967e5106b0a9c1d095a29378875e2b9dd14
-
SHA256
d08fba23a49c10035dc265ea0223875423d433985c4db39cad367592252f1979
-
SHA512
b6fba91d525139d2d6de2b2dd4b8c0a9312782b2f3cb18f9761040a2dcf9ee13eeb1711f4179c53501c80b85d2c3f570a3e53c1b02c7a133e1937ebbb0331a61
-
SSDEEP
12288:VpTmU2Je0dt8t5emNWo6i9PmHoUiL4YDrFxNJ6qqMuK80piUEO:Vp2fxCPmHKpHX6qPuK80piUEO
Malware Config
Targets
-
-
Target
d08fba23a49c10035dc265ea0223875423d433985c4db39cad367592252f1979
-
Size
441KB
-
MD5
215ef1572300670780bf245508ba0114
-
SHA1
6782c967e5106b0a9c1d095a29378875e2b9dd14
-
SHA256
d08fba23a49c10035dc265ea0223875423d433985c4db39cad367592252f1979
-
SHA512
b6fba91d525139d2d6de2b2dd4b8c0a9312782b2f3cb18f9761040a2dcf9ee13eeb1711f4179c53501c80b85d2c3f570a3e53c1b02c7a133e1937ebbb0331a61
-
SSDEEP
12288:VpTmU2Je0dt8t5emNWo6i9PmHoUiL4YDrFxNJ6qqMuK80piUEO:Vp2fxCPmHKpHX6qPuK80piUEO
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modifies firewall policy service
-
ModiLoader Second Stage
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-