General
-
Target
http://www.malwaredomainlist.com/mdl.php
-
Sample
240222-dfyfvabe33
Score
10/10
Malware Config
Targets
-
-
Target
http://www.malwaredomainlist.com/mdl.php
Score10/10-
Detects Kaiten/Tsunami Payload
-
Detects Kaiten/Tsunami payload
-
Kaiten/Tsunami
Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.
-
M00nd3v_Logger
M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
M00nD3v Logger payload
Detects M00nD3v Logger payload in memory.
-
ModiLoader First Stage
-
ModiLoader Second Stage
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Registers COM server for autorun
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-