General
-
Target
d4225806645a14535d710435a37e494e
-
Size
1.9MB
-
Sample
240318-wcvvnaed94
-
MD5
d4225806645a14535d710435a37e494e
-
SHA1
68ceb6cba1c619e9d774a48ee4d3604b885229a5
-
SHA256
73f7eb205cfb97c01badabbe0a57eb951ad091a954eaa70909868faf8d89d5a8
-
SHA512
40bdc54ae22791feba6be0500fcdb875463ab38876943077a211bf12d0feaa6310f24848970b01f09f89120d707ccd200e5f11fdc03d832c55a2476a30c83175
-
SSDEEP
24576:50T3y7eJDL10uTtj4aik+7dNeM3fpo1et+TVMG2mpM7vG6AGyRz6m6I:+Qu/10uTtjZ+beKJtgp2m4GoQzz
Malware Config
Targets
-
-
Target
d4225806645a14535d710435a37e494e
-
Size
1.9MB
-
MD5
d4225806645a14535d710435a37e494e
-
SHA1
68ceb6cba1c619e9d774a48ee4d3604b885229a5
-
SHA256
73f7eb205cfb97c01badabbe0a57eb951ad091a954eaa70909868faf8d89d5a8
-
SHA512
40bdc54ae22791feba6be0500fcdb875463ab38876943077a211bf12d0feaa6310f24848970b01f09f89120d707ccd200e5f11fdc03d832c55a2476a30c83175
-
SSDEEP
24576:50T3y7eJDL10uTtj4aik+7dNeM3fpo1et+TVMG2mpM7vG6AGyRz6m6I:+Qu/10uTtjZ+beKJtgp2m4GoQzz
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
UAC bypass
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3Virtualization/Sandbox Evasion
1