General
-
Target
c6895a097e1dd47b96e2e01f1097b4b3562c130fd573b4963c375023fd6d2b0c
-
Size
2.0MB
-
Sample
221003-2ww5qabbd3
-
MD5
2431bc9b1abccc45d8b824630705b715
-
SHA1
b2c71ff6d8948ab1421e91ebe3efb2c19712e3b7
-
SHA256
c6895a097e1dd47b96e2e01f1097b4b3562c130fd573b4963c375023fd6d2b0c
-
SHA512
9ee3ea285e4d07e3f7d17a514781216aa74f9f0c3e0a2bfb44d7f4ec6e6cc8df6d4b81587d3bd80b5469e5cdbcbd493d78184de3894dff8432667dab27911d9c
-
SSDEEP
49152:z8OydUNjjc+vdxIuKBHE0CQhRq73LhsFX6PAOAYKtu:zX5c+vJKBHVCQ/qjlsFqPAO3Ktu
Malware Config
Targets
-
-
Target
c6895a097e1dd47b96e2e01f1097b4b3562c130fd573b4963c375023fd6d2b0c
-
Size
2.0MB
-
MD5
2431bc9b1abccc45d8b824630705b715
-
SHA1
b2c71ff6d8948ab1421e91ebe3efb2c19712e3b7
-
SHA256
c6895a097e1dd47b96e2e01f1097b4b3562c130fd573b4963c375023fd6d2b0c
-
SHA512
9ee3ea285e4d07e3f7d17a514781216aa74f9f0c3e0a2bfb44d7f4ec6e6cc8df6d4b81587d3bd80b5469e5cdbcbd493d78184de3894dff8432667dab27911d9c
-
SSDEEP
49152:z8OydUNjjc+vdxIuKBHE0CQhRq73LhsFX6PAOAYKtu:zX5c+vJKBHVCQ/qjlsFqPAO3Ktu
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader First Stage
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-