General
Target: a61c98ea366af19c5b996674c2876d5a7f981e305342a0eaf0150b0ca6adf5bd
Size: 476KB
Sample: 221002-296lbagchj
MD5: 653d1a10b18c832f9a1668dfd2d2e622
SHA1: 1b124dad73ee3005b47a0ea7ffcd6fcb7be3139a
SHA256: a61c98ea366af19c5b996674c2876d5a7f981e305342a0eaf0150b0ca6adf5bd
SHA512: 954e62e3c8bf6f506aa8b87cdca1edcfcd49d085ea037873608f91ff71679d8fecfc0856c9716b247acc9e22837dad37dce88fe6dc8e03de93e5bef7f365f7d7
SSDEEP: 12288:9s8I65X4f9cbWu/axAgPH7Yw+eVP3rn8jotmsa761N7toG2Rg:9RWuPubHVP3rmtsa7613sg
Static task: static1
Behavioral task: behavioral1
Sample: a61c98ea366af19c5b996674c2876d5a7f981e305342a0eaf0150b0ca6adf5bd.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: a61c98ea366af19c5b996674c2876d5a7f981e305342a0eaf0150b0ca6adf5bd.exe
Resource: win10v2004-20220901-en
Malware Config
Targets
Target: a61c98ea366af19c5b996674c2876d5a7f981e305342a0eaf0150b0ca6adf5bd
Score: 10/10
Signatures:
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
- ModiLoader Second Stage
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
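The three behavioural signatures above (unexpected child process, registry lookup of the configured country code, file dropped into System32) expressed as detection rules run over a sandbox-style event stream. This is an added example, not code from the sandbox or the report; the event schema, the process names, the dropped-file and child-process paths, and the registry value paths used for the location check are assumptions chosen for illustration, and the events themselves are constructed.

```python
"""Constructed detection rules for the behavioural signatures in the report above.
Added example: the report does not name the registry keys, child process or
dropped file, so every path and name below is an assumption.
"""
from dataclasses import dataclass

SAMPLE = "a61c98ea366af19c5b996674c2876d5a7f981e305342a0eaf0150b0ca6adf5bd.exe"

# Assumed registry value paths a geofence check would read (Windows stores the
# GeoID under Geo\Nation and the locale identifier under Locale).
GEO_VALUE_PREFIXES = (
    "hkcu\\control panel\\international\\geo\\nation",
    "hkcu\\control panel\\international\\locale",
)

# Parents for which any child process is treated as unexpected (assumption:
# the sample itself plus common document-handling hosts).
NO_CHILDREN_EXPECTED = {SAMPLE.lower(), "winword.exe", "excel.exe", "outlook.exe"}

SYSTEM32_PREFIX = "c:\\windows\\system32\\"


@dataclass
class Event:
    kind: str          # "process", "registry" or "file"
    proc: str          # process performing the action
    target: str        # child image, registry value path or file path
    parent: str = ""   # parent image for "process" events


def detect(events):
    """Return (signature name, detail) pairs for every event that matches a rule.

    Matching is case-insensitive on paths, since Windows paths and registry
    keys are case-insensitive and sandbox traces vary in capitalisation.
    """
    hits = []
    for e in events:
        target = e.target.lower()
        if e.kind == "process" and e.parent.lower() in NO_CHILDREN_EXPECTED:
            hits.append(("Process spawned unexpected child process",
                         f"{e.parent} -> {e.target}"))
        elif e.kind == "registry" and target.startswith(GEO_VALUE_PREFIXES):
            hits.append(("Checks computer location settings",
                         f"{e.proc} read {e.target}"))
        elif e.kind == "file" and target.startswith(SYSTEM32_PREFIX):
            hits.append(("Drops file in System32 directory",
                         f"{e.proc} wrote {e.target}"))
    return hits


# Constructed trace standing in for a sandbox run; three events should match
# and three benign ones should not.
CONSTRUCTED_EVENTS = [
    Event("process", SAMPLE, "C:\\Users\\Public\\stage2.exe", parent=SAMPLE),
    Event("registry", SAMPLE, "HKCU\\Control Panel\\International\\Geo\\Nation"),
    Event("file", SAMPLE, "C:\\Windows\\System32\\dropped.dll"),
    Event("process", "explorer.exe", "C:\\Windows\\notepad.exe", parent="explorer.exe"),
    Event("file", SAMPLE, "C:\\Users\\Public\\Libraries\\config.dat"),
    Event("registry", SAMPLE, "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"),
]

if __name__ == "__main__":
    for name, detail in detect(CONSTRUCTED_EVENTS):
        print(f"[{name}] {detail}")
```

Running the module prints one line per matched signature; the benign explorer.exe child, the write outside System32 and the Run-key read produce no hits. Real sandbox output would also need the parent image of the dropped file and the timing of the lookups, which this illustration omits.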