General
-
Target
Swift, unicredit bank.exe
-
Size
665KB
-
Sample
230321-tx31nabh77
-
MD5
67a09ce3a6ac852a8d493d41ac68231c
-
SHA1
0a4feb27fbf7af7465ffd3579cf79932ae64af61
-
SHA256
1980f4cf17585ba77a0ca7596b1be2e928ead3e98f5cd80b1c005968275ef74d
-
SHA512
02b2265c9c6c79569892f5f09b8d8c11e8dd6f287e4910927e4ee3891078acdf07437acdd9764ab59bb908731ab97b58eaccbff88dbc4f8da779009f0dd5e156
-
SSDEEP
12288:7xsnwyGGFm7NjhBBBHS4PKZr7j65hhxqeIpqOZODCFwxK:7yw0m5jhBBc4yZr7shCBiCix
Malware Config
Targets
-
-
Target
Swift, unicredit bank.exe
-
Size
665KB
-
MD5
67a09ce3a6ac852a8d493d41ac68231c
-
SHA1
0a4feb27fbf7af7465ffd3579cf79932ae64af61
-
SHA256
1980f4cf17585ba77a0ca7596b1be2e928ead3e98f5cd80b1c005968275ef74d
-
SHA512
02b2265c9c6c79569892f5f09b8d8c11e8dd6f287e4910927e4ee3891078acdf07437acdd9764ab59bb908731ab97b58eaccbff88dbc4f8da779009f0dd5e156
-
SSDEEP
12288:7xsnwyGGFm7NjhBBBHS4PKZr7j65hhxqeIpqOZODCFwxK:7yw0m5jhBBc4yZr7shCBiCix
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-