General
-
Target
Technical Specifications,Pdf.cmd
-
Size
3.0MB
-
Sample
240612-wvhm2svcje
-
MD5
d0a9ee6ec0f82feb248661a98b7a20fd
-
SHA1
0daecce22849fb7c55cc82dda5891fcd48621673
-
SHA256
4a1bee8fb037d34225b75e741670118c0d546d0bea14b5f72daf0f1bca4e7f89
-
SHA512
ca9524254c81d457332de506d90362d78896e1be3ef6322ac0eab19946e2be61ac7f8581678a0580abf5062972a9437b29a6fcf0c2e86cc57ff2ccefe44b4182
-
SSDEEP
24576:sL49v/AB0iDiIle024r8b92SueW48Wal8iGxwvxA4TeEd6ys/8aOiRzdi:ssVYB1Dle03u92s78WNRO2zdi
Malware Config
Targets
-
-
Target
Technical Specifications,Pdf.cmd
-
Size
3.0MB
-
MD5
d0a9ee6ec0f82feb248661a98b7a20fd
-
SHA1
0daecce22849fb7c55cc82dda5891fcd48621673
-
SHA256
4a1bee8fb037d34225b75e741670118c0d546d0bea14b5f72daf0f1bca4e7f89
-
SHA512
ca9524254c81d457332de506d90362d78896e1be3ef6322ac0eab19946e2be61ac7f8581678a0580abf5062972a9437b29a6fcf0c2e86cc57ff2ccefe44b4182
-
SSDEEP
24576:sL49v/AB0iDiIle024r8b92SueW48Wal8iGxwvxA4TeEd6ys/8aOiRzdi:ssVYB1Dle03u92s78WNRO2zdi
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-