General
-
Target
8c4a22f48726a955f88f52a56ce34a5e3ea82e36d641cc7cc1c0dd097845cb5e
-
Size
299KB
-
Sample
221003-z1q36affb3
-
MD5
3afec8ce8d988162c77f47f769f657b8
-
SHA1
5bef1b2ce5ef119884381f7bcff7860b60dcc048
-
SHA256
8c4a22f48726a955f88f52a56ce34a5e3ea82e36d641cc7cc1c0dd097845cb5e
-
SHA512
b6af0eed4ec7b17edf2ec0b79bcc89a0e923a3ef88b7ccab63ed661cd9f8fa2774d385dbc84c858295e2733306848662e60b79356223d8d98d1c11aae9bb9e0c
-
SSDEEP
6144:AuCeBGw82i4MaCqCGlGfr/9t7HVJrmxF3eTd6fWqiog1Mp1JJ52Q5kd:OeBGv2i4MtBGlGbP7HViYTuioec2oY
Static task
static1
Behavioral task
behavioral1
Sample
8c4a22f48726a955f88f52a56ce34a5e3ea82e36d641cc7cc1c0dd097845cb5e.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
8c4a22f48726a955f88f52a56ce34a5e3ea82e36d641cc7cc1c0dd097845cb5e.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
8c4a22f48726a955f88f52a56ce34a5e3ea82e36d641cc7cc1c0dd097845cb5e
-
Size
299KB
-
MD5
3afec8ce8d988162c77f47f769f657b8
-
SHA1
5bef1b2ce5ef119884381f7bcff7860b60dcc048
-
SHA256
8c4a22f48726a955f88f52a56ce34a5e3ea82e36d641cc7cc1c0dd097845cb5e
-
SHA512
b6af0eed4ec7b17edf2ec0b79bcc89a0e923a3ef88b7ccab63ed661cd9f8fa2774d385dbc84c858295e2733306848662e60b79356223d8d98d1c11aae9bb9e0c
-
SSDEEP
6144:AuCeBGw82i4MaCqCGlGfr/9t7HVJrmxF3eTd6fWqiog1Mp1JJ52Q5kd:OeBGv2i4MtBGlGbP7HViYTuioec2oY
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-