General
-
Target
1edd7716f54fffca2642cc426e4d00be78b49915bbbd8cc6f5ef69ec13b730bd
-
Size
270KB
-
Sample
221003-tcgxpadgam
-
MD5
62a98c82798619c729369e146fba0b20
-
SHA1
b9158824706e041e05323f188b93e402fad2a71e
-
SHA256
1edd7716f54fffca2642cc426e4d00be78b49915bbbd8cc6f5ef69ec13b730bd
-
SHA512
2014944257d7bbf380197fa62517f6899c233755aaa19c38b170575637a737c96d96ceeaff44b525928834caa5f6326d646a6fb1d7791e0c619032b20274308b
-
SSDEEP
6144:rG377xS2Vp2CeiorXdwTBgWx4v53qpcCJJvHZ:ar7xS2Vp6RwTyCXbJJvHZ
Malware Config
Targets
-
-
Target
1edd7716f54fffca2642cc426e4d00be78b49915bbbd8cc6f5ef69ec13b730bd
-
Size
270KB
-
MD5
62a98c82798619c729369e146fba0b20
-
SHA1
b9158824706e041e05323f188b93e402fad2a71e
-
SHA256
1edd7716f54fffca2642cc426e4d00be78b49915bbbd8cc6f5ef69ec13b730bd
-
SHA512
2014944257d7bbf380197fa62517f6899c233755aaa19c38b170575637a737c96d96ceeaff44b525928834caa5f6326d646a6fb1d7791e0c619032b20274308b
-
SSDEEP
6144:rG377xS2Vp2CeiorXdwTBgWx4v53qpcCJJvHZ:ar7xS2Vp6RwTyCXbJJvHZ
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
UAC bypass
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-