General
Target: c90193af8ffe050ad79402dfceb9274be08b300bc02ecb1e6394917ee50934e4
Size: 988KB
Sample: 230414-ssbj6sbh8z
MD5: 66d5db3da9af5b8e8fc8ab5dec6ac73b
SHA1: 3128c0cec2ccdcd8d17bba1f6b50a8d7cac49d26
SHA256: c90193af8ffe050ad79402dfceb9274be08b300bc02ecb1e6394917ee50934e4
SHA512: 697cc93cd378d13097f46a3a73b51c61d62f421996ce538b4ad7e3663808200d1d2fb36a181fbbc51ef65bcaaff190a8d90b0a28980e75191ca2d0126d2eeb65
SSDEEP: 12288:MyAdYwUGsU7a7FP7Gp1tAe5fhBbYj3vY7IEDjoSgfNQGDyAcdYGybmIAl1zODhBc:Mp6707ahGXBfcjwEsIejHuG/joD

Static task: static1
Behavioral task: behavioral1
Sample: c90193af8ffe050ad79402dfceb9274be08b300bc02ecb1e6394917ee50934e4.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: vidar
Version: 3.4
Botnet: be67f2b288274aabb4498979305ac4e1
C2: https://steamcommunity.com/profiles/76561199494593681
C2: https://t.me/auftriebs
Attributes:
profile_id_v2: be67f2b288274aabb4498979305ac4e1
user_agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:105.0) Gecko/20100101 Firefox/105.0

Note that the two C2 entries are dead-drop resolver pages on legitimate services: Vidar fetches them to learn the live C2 address rather than talking to them as the C2 itself, so the real command server is not in this config. The hard-coded user agent claims Firefox on Ubuntu even though the sample runs on Windows, which makes it a usable hunting indicator when the requesting host's OS is known.
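The following is an added example, not part of the sandbox report and not code from the Vidar or ModiLoader authors: it turns the extracted configuration above into a proxy-log hunt. The log layout (timestamp, client IP, client OS, method, URL, quoted user agent), the client addresses and every log line are constructed for the example and are hypothetical. It matches the exact profile and channel paths rather than the bare hosts, because steamcommunity.com and t.me are legitimate services, and it flags the Linux Firefox user agent only when the requesting host is Windows, since a genuine Linux Firefox client would send the same string.

```python
"""Hunt proxy logs for the Vidar dead-drop URLs and user agent extracted above."""
import re
from urllib.parse import urlsplit

# IOCs copied from the extracted Vidar config in this report.
DEAD_DROP_URLS = {
    "https://steamcommunity.com/profiles/76561199494593681",
    "https://t.me/auftriebs",
}
VIDAR_USER_AGENT = ("Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:105.0) "
                    "Gecko/20100101 Firefox/105.0")

# Assumed (hypothetical) proxy log layout, one request per line:
#   <timestamp> <client_ip> <client_os> <method> <url> "<user-agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<os>\S+) (?P<method>[A-Z]+) '
    r'(?P<url>\S+) "(?P<ua>[^"]*)"$'
)


def normalise(url):
    """Compare on scheme, host and path only: drop query, fragment, case and trailing slash."""
    p = urlsplit(url)
    return f"{p.scheme.lower()}://{p.netloc.lower()}{p.path.rstrip('/')}"


DEAD_DROP_KEYS = {normalise(u) for u in DEAD_DROP_URLS}


def classify(line):
    """Return a hit dict for a suspicious request, or None for a benign or unparseable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    reasons = []
    # Match the exact profile/channel path: alerting on the bare steamcommunity.com
    # or t.me host would fire on every legitimate Steam or Telegram user.
    if normalise(m["url"]) in DEAD_DROP_KEYS:
        reasons.append("vidar_dead_drop_url")
    # The hard-coded UA claims Firefox on Ubuntu; it is only an anomaly when the
    # requesting host is known to be Windows, so the OS field gates this check.
    if m["ua"] == VIDAR_USER_AGENT and m["os"].lower().startswith("windows"):
        reasons.append("linux_firefox_ua_from_windows_host")
    if not reasons:
        return None
    return {"ts": m["ts"], "client": m["client"], "url": m["url"], "reasons": reasons}


def hunt(lines):
    """Run classify() over an iterable of log lines and keep only the hits."""
    return [hit for hit in map(classify, lines) if hit]


# Constructed sample log (not real traffic). In order: an infected Windows host
# resolving the Steam dead drop, a Windows user opening the Telegram channel in
# a browser, benign Steam browsing, and a genuine Linux Firefox client.
CHROME_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
             "(KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36")
SAMPLE_LOG = [
    '2023-04-14T10:01:02Z 10.0.0.15 Windows10 GET '
    'https://steamcommunity.com/profiles/76561199494593681 "' + VIDAR_USER_AGENT + '"',
    '2023-04-14T10:02:40Z 10.0.0.22 Windows10 GET https://t.me/auftriebs/ "' + CHROME_UA + '"',
    '2023-04-14T10:03:00Z 10.0.0.30 Windows10 GET https://steamcommunity.com/ "' + CHROME_UA + '"',
    '2023-04-14T10:04:00Z 192.168.5.9 Ubuntu22.04 GET https://example.com/ "' + VIDAR_USER_AGENT + '"',
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(hit["ts"], hit["client"], hit["url"], ",".join(hit["reasons"]))
```

Run against the constructed log, the first line fires on both indicators and the second on the dead-drop path alone; the third and fourth lines produce nothing. A hit on the dead-drop path means the host fetched the resolver, not that it reached the real C2, so the follow-up is to pull that host's subsequent connections for the address Vidar obtained from the page.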
Targets
Target: c90193af8ffe050ad79402dfceb9274be08b300bc02ecb1e6394917ee50934e4 (988KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures triggered:
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2: the steamcommunity.com profile and t.me channel in the extracted config are dead-drop resolvers on legitimate services, so the hosts themselves are not usable block-list entries; match on the full profile and channel paths instead.
- Suspicious use of SetThreadContext: commonly seen when a loader redirects the main thread of a suspended process to injected code before resuming it.