General
- Target: SecuriteInfo.com.Trojan.DownLoader33.63103.7154.21167
- Size: 1.2MB
- Sample: 200712-n9n9neqpfx
- MD5: 6c828880cf1a66e50d5f9f199421c069
- SHA1: d6bad18b6025d9bea349f178bcbf416010c3b4bd
- SHA256: f8185c5af3e891bdb81a646bb410777393f7ba6db6f4fc0727948c4b95264334
- SHA512: 1dc753ec63419e7fa8773fdc1b4da3d026217fbde17ef4eb86ee5e965c312bcc75d1cf1f44a9512c147fa3893b6a2b001d44dbf42fd4f3d972b27bbe31be462a
Static task: static1
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Trojan.DownLoader33.63103.7154.21167.exe
- Resource: win7
Behavioral task: behavioral2
- Sample: SecuriteInfo.com.Trojan.DownLoader33.63103.7154.21167.exe
- Resource: win10v200430
Malware Config
Targets
- Target: SecuriteInfo.com.Trojan.DownLoader33.63103.7154.21167
- Size: 1.2MB
- MD5, SHA1, SHA256, SHA512: identical to the hashes listed under General
- Score: 10/10
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ServiceHost packer: Detects ServiceHost packer used for .NET malware
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext