General

Target: 41a0f10d4906edfada07b2ad57fba77c5f664bc40e09c88879793654206900f7
Size: 284KB
Sample: 221003-bqwc5abhfp
MD5: 71096df07cffaf2eca61f769660708b0
SHA1: 1dc9cb4d2e512bf9c6e665a55abc92b3d3d4a598
SHA256: 41a0f10d4906edfada07b2ad57fba77c5f664bc40e09c88879793654206900f7
SHA512: 0660d8ef78c19d1793e4882300b7c987d46832794734563e91bcc5b828d86c68aeaff59898451c892b58836ac9b999b11e99701aff77f782756b1eb8b620d350
SSDEEP: 6144:Aen7pmZX/JaVjUsvvEVtXk07pGm2WCg8zQMrqnvwPzB/mLUacmV:XdmC1LEf00QzWnGQNn4PzPat
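Before trusting any of the behaviour below, confirm that the file you pulled from a sample-sharing service is byte-for-byte the one this report describes. The following script is an added example, not part of the sandbox report: it recomputes the four cryptographic digests listed above (the SSDEEP fuzzy hash is deliberately left out because it needs the non-standard ssdeep library) and compares them with the values copied from the General section. The file path argument is an assumption; the report does not tell you where the sample lives on your system.

```python
"""Verify a downloaded sample against the digests listed in the report.

Added example for this page, not part of the sandbox output. The expected
values are copied verbatim from the report's General section; the path to
the sample on disk is supplied by the caller.
"""
import hashlib
import sys
from pathlib import Path

# Digests copied from the report for the 284KB sample.
REPORTED = {
    "md5": "71096df07cffaf2eca61f769660708b0",
    "sha1": "1dc9cb4d2e512bf9c6e665a55abc92b3d3d4a598",
    "sha256": "41a0f10d4906edfada07b2ad57fba77c5f664bc40e09c88879793654206900f7",
    "sha512": "0660d8ef78c19d1793e4882300b7c987d46832794734563e91bcc5b828d86c68"
              "aeaff59898451c892b58836ac9b999b11e99701aff77f782756b1eb8b620d350",
}


def digest_all(data: bytes) -> dict:
    """Compute the same four digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED}


def verify(data: bytes, expected: dict = REPORTED) -> dict:
    """Return {algorithm: True/False} for each expected digest.

    Every algorithm is checked, not just SHA256: a mismatch in only one of
    them is a sign the report or the download is inconsistent, which is
    worth knowing before analysis starts.
    """
    got = digest_all(data)
    return {name: got[name] == value.lower() for name, value in expected.items()}


def verify_file(path, expected: dict = REPORTED) -> bool:
    """True only if the file on disk matches every digest in `expected`."""
    return all(verify(Path(path).read_bytes(), expected).values())


if __name__ == "__main__":
    # Usage (assumed path): python verify_sample.py ./41a0f10d...f7.exe
    sample = sys.argv[1]
    for algo, ok in verify(Path(sample).read_bytes()).items():
        print(f"{algo:6s} {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if verify_file(sample) else 1)
```

Run it against the sample before detonating or reversing it; a non-zero exit means you are not looking at the file this report is about.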
Static task: static1

Behavioral task: behavioral1
  Sample: 41a0f10d4906edfada07b2ad57fba77c5f664bc40e09c88879793654206900f7.exe
  Resource: win7-20220901-en

Behavioral task: behavioral2
  Sample: 41a0f10d4906edfada07b2ad57fba77c5f664bc40e09c88879793654206900f7.exe
  Resource: win10v2004-20220812-en
Malware Config
Targets

Target: 41a0f10d4906edfada07b2ad57fba77c5f664bc40e09c88879793654206900f7 (284KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
Score: 10/10

ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
ModiLoader Second Stage
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence so the loader can stop in regions it wants to avoid.
Drops file in System32 directory
  Writing under System32 normally needs administrative rights, so this also tells you the sample ran elevated in the sandbox.
Suspicious use of SetThreadContext
  Rewriting another thread's context is the step that redirects execution in process hollowing and similar injection; read it together with the unexpected child process above.
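The signature names above are the sandbox's verdicts, not its rules. The script below is an added example of how three of them (the SetThreadContext pattern, the registry country lookup and the System32 drop) can be expressed as checks over an API-call trace, so a practitioner can see what the verdicts are actually keyed on. It is not the sandbox's own rule code. The trace format (one dict per call), the registry key used for the country-code rule and the dropped-file path are assumptions; the page names the behaviours but not the exact calls, keys or paths the sample used.

```python
"""Three of the report's behavioural signatures rewritten as rules over an
API-call trace.

Added example for this page, not the sandbox's rule code. The trace is
constructed, and the registry key and file path in it are placeholders
chosen to exercise the rules; the report does not name the real ones.
"""
import re

CREATE_SUSPENDED = 0x00000004

# Constructed trace: a minimal hollowing sequence, a locale lookup and a
# write under System32. Values are made up, not captured from the sample.
TRACE = [
    {"pid": 100, "api": "CreateProcessW",
     "args": {"lpApplicationName": r"C:\Windows\SysWOW64\svchost.exe",
              "dwCreationFlags": CREATE_SUSPENDED},
     "ret": {"pid": 200, "tid": 201}},
    {"pid": 100, "api": "RegQueryValueExW",
     "args": {"key": r"HKEY_CURRENT_USER\Control Panel\International\Geo",
              "value": "Nation"}},
    {"pid": 100, "api": "WriteProcessMemory", "args": {"pid": 200}},
    {"pid": 100, "api": "SetThreadContext", "args": {"tid": 201}},
    {"pid": 100, "api": "ResumeThread", "args": {"tid": 201}},
    {"pid": 100, "api": "NtCreateFile",
     "args": {"path": r"C:\Windows\System32\example.dll",
              "desired_access": "GENERIC_WRITE"}},
]

# Registry paths that hold the configured country/region (assumed list; the
# page only says "country code configured in the registry").
COUNTRY_KEYS = (r"control panel\international\geo",)
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)


def rule_set_thread_context(trace) -> bool:
    """Hollowing shape: create a process suspended, write into it, replace
    its main thread's context, then resume it. A bare SetThreadContext on a
    thread the caller did not create suspended is not enough to fire."""
    threads = {}      # tid -> pid of a child created with CREATE_SUSPENDED
    written = set()   # child pids that received WriteProcessMemory
    hijacked = set()  # tids whose context was replaced after a write
    for ev in trace:
        api, a = ev["api"], ev["args"]
        if api in ("CreateProcessA", "CreateProcessW") and \
                a.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
            ret = ev.get("ret", {})
            threads[ret.get("tid")] = ret.get("pid")
        elif api == "WriteProcessMemory" and a.get("pid") in threads.values():
            written.add(a["pid"])
        elif api == "SetThreadContext" and threads.get(a.get("tid")) in written:
            hijacked.add(a["tid"])
        elif api == "ResumeThread" and a.get("tid") in hijacked:
            return True
    return False


def rule_country_lookup(trace) -> bool:
    """Any registry read of a key that stores the configured country."""
    for ev in trace:
        if ev["api"].startswith("RegQueryValueEx"):
            key = ev["args"].get("key", "").lower()
            if any(k in key for k in COUNTRY_KEYS):
                return True
    return False


def rule_system32_drop(trace) -> bool:
    """A file opened for writing directly under %SystemRoot%\\System32."""
    for ev in trace:
        if ev["api"] in ("NtCreateFile", "CreateFileA", "CreateFileW"):
            a = ev["args"]
            if SYSTEM32.match(a.get("path", "")) and "WRITE" in a.get("desired_access", ""):
                return True
    return False


# Keyed by the signature names the report uses.
RULES = {
    "Suspicious use of SetThreadContext": rule_set_thread_context,
    "Checks computer location settings": rule_country_lookup,
    "Drops file in System32 directory": rule_system32_drop,
}


def evaluate(trace) -> list:
    """Names of the signatures whose rule fires on the trace, in RULES order."""
    return [name for name, rule in RULES.items() if rule(trace)]


if __name__ == "__main__":
    for name in evaluate(TRACE):
        print("HIT:", name)
```

The point of the first rule is the ordering constraint: SetThreadContext alone is common in debuggers and legitimate runtimes, so the rule only fires when the same caller created the target suspended, wrote into it and then resumed it, which is the sequence that the unexpected child process and the SetThreadContext verdicts together describe.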