General
-
Target
4aef83ad76a158c96365b2b48a6ff206d225a2c7bf843ab017170449913f0cfd
-
Size
370KB
-
Sample
221004-d44mrsahhq
-
MD5
c5f3a966991245ffbc86f898614c11d7
-
SHA1
6024a05734bbf33bf37ed95e89c88641e3217ed5
-
SHA256
4aef83ad76a158c96365b2b48a6ff206d225a2c7bf843ab017170449913f0cfd
-
SHA512
45992200bdf4b0e1b31af6bf9d868f1db5c4dc5281217716dc6df7816bd4f982546263fb64199793eb590aafea2474639b716f7c280134678bce803d5a80cf9f
-
SSDEEP
6144:sgZNATdYlG4AzEbNKsxnwwGEUPG0wm3gqYEIKIYLdpf7OB/riFMEdHPvJP1O0PQk:sgZNodYlG4RF9AEU/wPb4CB/riFMEPxd
Malware Config
Targets
-
-
Target
4aef83ad76a158c96365b2b48a6ff206d225a2c7bf843ab017170449913f0cfd
-
Size
370KB
-
MD5
c5f3a966991245ffbc86f898614c11d7
-
SHA1
6024a05734bbf33bf37ed95e89c88641e3217ed5
-
SHA256
4aef83ad76a158c96365b2b48a6ff206d225a2c7bf843ab017170449913f0cfd
-
SHA512
45992200bdf4b0e1b31af6bf9d868f1db5c4dc5281217716dc6df7816bd4f982546263fb64199793eb590aafea2474639b716f7c280134678bce803d5a80cf9f
-
SSDEEP
6144:sgZNATdYlG4AzEbNKsxnwwGEUPG0wm3gqYEIKIYLdpf7OB/riFMEdHPvJP1O0PQk:sgZNodYlG4RF9AEU/wPb4CB/riFMEPxd
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Drops file in System32 directory
-