General
-
Target
087d711df5110e075463bf78fd1d88839b95ad1b5e532f331df525c211700250N.exe
-
Size
302KB
-
Sample
241222-n3c4jaxjh1
-
MD5
320f7fd6be5cbe8669f9515d51260900
-
SHA1
1f6d24e80c248e7924a14fec40bd3dac39bfd03a
-
SHA256
087d711df5110e075463bf78fd1d88839b95ad1b5e532f331df525c211700250
-
SHA512
b6ae3945fd9e8139f9f0bd6900d545a9b9b4ee76624c0b1f2ce48f63fc1c953d707e71a3f4d7acb9e477ac1aba15c5ae648cc3cc23329bffb696d466052f6e40
-
SSDEEP
6144:K9d2UEsvUo+/+33MyPsaoyY2eHlaNOIyltCWhkcyPfF:2yYR+c30MYnHthqHF
Malware Config
Targets
-
-
Target
087d711df5110e075463bf78fd1d88839b95ad1b5e532f331df525c211700250N.exe
-
Size
302KB
-
MD5
320f7fd6be5cbe8669f9515d51260900
-
SHA1
1f6d24e80c248e7924a14fec40bd3dac39bfd03a
-
SHA256
087d711df5110e075463bf78fd1d88839b95ad1b5e532f331df525c211700250
-
SHA512
b6ae3945fd9e8139f9f0bd6900d545a9b9b4ee76624c0b1f2ce48f63fc1c953d707e71a3f4d7acb9e477ac1aba15c5ae648cc3cc23329bffb696d466052f6e40
-
SSDEEP
6144:K9d2UEsvUo+/+33MyPsaoyY2eHlaNOIyltCWhkcyPfF:2yYR+c30MYnHthqHF
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
Looks for VirtualBox Guest Additions in registry
-
ModiLoader Second Stage
-
Adds policy Run key to start application
-
Disables use of System Restore points
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2