General
-
Target
56b3f950f86319870611c364b467719a.exe
-
Size
722KB
-
Sample
230301-j12a5afc89
-
MD5
56b3f950f86319870611c364b467719a
-
SHA1
ef7e6573e08777e8496f3c5f68fb34d545c9fdcb
-
SHA256
f55ce0741ed4615bae5646c644b3a971323ac344b12693495d5749c688d5d489
-
SHA512
43d0da4349ff27c99d7184dfa810527591b158fc2a053b6e289ee2d2ee9a3da5389c90213e82ab5a4d9abd7af43d5f5db007d3d4d66dc2620409cafe48ead147
-
SSDEEP
12288:HoDzEcLL4ZjVUi0EosOijSmrXO9Ax3mIEDs0wvw1BjSxFrXhy:HG4s0jVLyijxZx2qI1BSxdXE
Malware Config
Targets
-
-
Target
56b3f950f86319870611c364b467719a.exe
-
Size
722KB
-
MD5
56b3f950f86319870611c364b467719a
-
SHA1
ef7e6573e08777e8496f3c5f68fb34d545c9fdcb
-
SHA256
f55ce0741ed4615bae5646c644b3a971323ac344b12693495d5749c688d5d489
-
SHA512
43d0da4349ff27c99d7184dfa810527591b158fc2a053b6e289ee2d2ee9a3da5389c90213e82ab5a4d9abd7af43d5f5db007d3d4d66dc2620409cafe48ead147
-
SSDEEP
12288:HoDzEcLL4ZjVUi0EosOijSmrXO9Ax3mIEDs0wvw1BjSxFrXhy:HG4s0jVLyijxZx2qI1BSxdXE
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-