General
- Target: 040920240104Specifications00815943.bat
- Size: 7.1MB
- Sample: 240904-gfyndsvfrq
- MD5: 587adc623cd2ec918e72410537cff0d2
- SHA1: e5aac4e6a607b0bcf4bbf1cbc5a4562252970396
- SHA256: bad5893610d16654a1ab3e51e192df321ab33c94c93638d10f39b1a16a6826b5
- SHA512: c00db34e77b3883020eb9e5c7b24c2f8e02d6e1b460842270ac9ebbb5347b7635c218d4788660e682a40f4b7023af8b251daf385a5455e05907eaf9687aa5139
- SSDEEP: 49152:zZPkpvgL5KZVQISxOmzA29oKMXdcVa4vctfVBsav4vur5SGGKhqYcZYEZtqCYSVp:z
Static task: static1
Behavioral task: behavioral1
- Sample: 040920240104Specifications00815943.bat
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: 040920240104Specifications00815943.bat
- Resource: win10v2004-20240802-en
Malware Config
Targets
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access or copy of web browser credential store.
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Suspicious use of SetThreadContext