General

Target: Qdwqyhltorobof.exe
Size: 1.0MB
Sample: 230816-hgtw9sab6z
MD5: e233a218368b609cb0d55cdc1aca565e
SHA1: cd0a45d9e2ddc381addf1ac3cf845be7eb9cdcd3
SHA256: 3dec0f077df087f3e1c0e2f49194c0362bf56c3fb3ba18fa60b499495e729f48
SHA512: 1c6469e3ee6961d0ea0c9e711ac37c96cc8bb8a7b9d389430043d80298c33f3765a02915df765b4e94aa64808e19629badf1b7d0ab9c330ac3d3e992d4cb6f99
SSDEEP: 12288:q+V0OGY20hP4SpWD4XIiIlYqHrvd6FE3TNDJrYb0fZp0B0Yi7fLssVcgbbFWWRpj:qWAs6lD4XNVQrvd/DFR20fI0JzR/RYA
Static task: static1

Behavioral task: behavioral1
Sample: Qdwqyhltorobof.exe
Resource: win7-20230712-en

Behavioral task: behavioral2
Sample: Qdwqyhltorobof.exe
Resource: win10v2004-20230703-en
Malware Config

Targets

Target: Qdwqyhltorobof.exe
Size: 1.0MB
MD5: e233a218368b609cb0d55cdc1aca565e
SHA1: cd0a45d9e2ddc381addf1ac3cf845be7eb9cdcd3
SHA256: 3dec0f077df087f3e1c0e2f49194c0362bf56c3fb3ba18fa60b499495e729f48
SHA512: 1c6469e3ee6961d0ea0c9e711ac37c96cc8bb8a7b9d389430043d80298c33f3765a02915df765b4e94aa64808e19629badf1b7d0ab9c330ac3d3e992d4cb6f99
SSDEEP: 12288:q+V0OGY20hP4SpWD4XIiIlYqHrvd6FE3TNDJrYb0fZp0B0Yi7fLssVcgbbFWWRpj:qWAs6lD4XNVQrvd/DFR20fI0JzR/RYA
Score: 10/10
Family: ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

Signatures:
- Suspicious use of NtCreateProcessOtherParentProcess
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application