General
-
Target
7799386139.zip
-
Size
476KB
-
Sample
220802-q76mrafef7
-
MD5
44d00a8e8713898d4175fbb8b96fe143
-
SHA1
9cdb8191c2d69cbe647819e5dc29804136f365af
-
SHA256
bcfb6af874f890ddc7506f409370bd743adcc0114a46374857e9e8081d1373c7
-
SHA512
dfc68c41e6558ea21897c8f09e2ef03d993fc2743f7d5c17357a3f8239fd68ce570639fa27f1767463b8164f068a3ff56549e2ef0fbfb643eda57b2b2227c0d1
Malware Config
Targets
-
-
Target
d17de6f437033140a8197c29721e535e19cde342b211c3a0074fa54f79afb375
-
Size
836KB
-
MD5
07789017f254b6ac45b11f66ccada623
-
SHA1
6957e2bd7068f1303723c2ba3075771cdbcb23f0
-
SHA256
d17de6f437033140a8197c29721e535e19cde342b211c3a0074fa54f79afb375
-
SHA512
b30f98657c5069185af2e7a84af4bb2b2d73e9c7a455beae520668a6b40420e0f4d5f19333ec6f7ec45a74c8544f88d449ea1b8d2eacadf22e574b39a384e8b1
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-