General
-
Target
6b4f9cb6b26d5feffa071f11d8f49a590c6f8656f896f22b6a28e87ad33ec484
-
Size
921KB
-
Sample
221003-yssrcaded2
-
MD5
69a7a0dfb88149f2af59c37580049400
-
SHA1
6024ec70d707a983764125e030334d36905669a4
-
SHA256
6b4f9cb6b26d5feffa071f11d8f49a590c6f8656f896f22b6a28e87ad33ec484
-
SHA512
9a6868a679664f52ffb350471ca7469473b624fba4e871980d64a8778f3ceb09e3858b7781ce3923ec1c3d36bd672856d06424b64e81a9334debad6979407421
-
SSDEEP
24576:jlEAoyInhYf9x6NpphiNCG6KBTlBhcsn8ucsWBWQtf:BrtInhYf9x6NppYwG6KBRBXncsWBdf
Static task
static1
Behavioral task
behavioral1
Sample
6b4f9cb6b26d5feffa071f11d8f49a590c6f8656f896f22b6a28e87ad33ec484.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
6b4f9cb6b26d5feffa071f11d8f49a590c6f8656f896f22b6a28e87ad33ec484.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
6b4f9cb6b26d5feffa071f11d8f49a590c6f8656f896f22b6a28e87ad33ec484
-
Size
921KB
-
MD5
69a7a0dfb88149f2af59c37580049400
-
SHA1
6024ec70d707a983764125e030334d36905669a4
-
SHA256
6b4f9cb6b26d5feffa071f11d8f49a590c6f8656f896f22b6a28e87ad33ec484
-
SHA512
9a6868a679664f52ffb350471ca7469473b624fba4e871980d64a8778f3ceb09e3858b7781ce3923ec1c3d36bd672856d06424b64e81a9334debad6979407421
-
SSDEEP
24576:jlEAoyInhYf9x6NpphiNCG6KBTlBhcsn8ucsWBWQtf:BrtInhYf9x6NppYwG6KBRBXncsWBdf
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modifies firewall policy service
-
ModiLoader Second Stage
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-