General

Target: 5ab7786518f2e12e631df4b89431384e1268c2bc357cfb1f932ac95a92a50f83
Size: 256KB
Sample: 220802-c17pksgehn
MD5: 6f2daa391bd82e2d92d46a4dc40e8a31
SHA1: 6186cb72b280818a568a8351c0d2e990a5673b54
SHA256: 5ab7786518f2e12e631df4b89431384e1268c2bc357cfb1f932ac95a92a50f83
SHA512: 308ced18268648d349dd82d6a8b6614649bb54f2f7ad743ffdc46279810659a118609df2db7383b0736ec11b5edfc5dd193deae72654921db1d8a27b8a7b7758
Static task: static1

Behavioral task: behavioral1
Sample: 5ab7786518f2e12e631df4b89431384e1268c2bc357cfb1f932ac95a92a50f83.exe
Resource: win7-20220718-en

Behavioral task: behavioral2
Sample: 5ab7786518f2e12e631df4b89431384e1268c2bc357cfb1f932ac95a92a50f83.exe
Resource: win10v2004-20220721-en
Malware Config

Targets

Target: 5ab7786518f2e12e631df4b89431384e1268c2bc357cfb1f932ac95a92a50f83
Size: 256KB
MD5: 6f2daa391bd82e2d92d46a4dc40e8a31
SHA1: 6186cb72b280818a568a8351c0d2e990a5673b54
SHA256: 5ab7786518f2e12e631df4b89431384e1268c2bc357cfb1f932ac95a92a50f83
SHA512: 308ced18268648d349dd82d6a8b6614649bb54f2f7ad743ffdc46279810659a118609df2db7383b0736ec11b5edfc5dd193deae72654921db1d8a27b8a7b7758
Score: 10/10
Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

ModiLoader Second Stage

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Drops file in System32 directory

Suspicious use of SetThreadContext