General
-
Target
5c6478e63e8695d26c2081e8e87908cb64150372b255a0130d2cbfc15832cf67
-
Size
113KB
-
Sample
221011-k12sbsfce7
-
MD5
6515f9a1692340d8e9e3a1e1e1c82c68
-
SHA1
d13c2611dce6407bcf688915ee67017e5dbc11f3
-
SHA256
5c6478e63e8695d26c2081e8e87908cb64150372b255a0130d2cbfc15832cf67
-
SHA512
9b4ceb1ac32b45c28b7da3896ac0d702fd718d140572fb95be2826d945fede0cafa98ac2ebfe18092b4911da1f247f9bb2c38eb3cfec8d106d8422f256c9711e
-
SSDEEP
3072:soy8j7VnNdrPHaSekwi+mW+2AU1P1out:c8jZ7rvaU3+mWr51toS
Malware Config
Targets
-
-
Target
5c6478e63e8695d26c2081e8e87908cb64150372b255a0130d2cbfc15832cf67
-
Size
113KB
-
MD5
6515f9a1692340d8e9e3a1e1e1c82c68
-
SHA1
d13c2611dce6407bcf688915ee67017e5dbc11f3
-
SHA256
5c6478e63e8695d26c2081e8e87908cb64150372b255a0130d2cbfc15832cf67
-
SHA512
9b4ceb1ac32b45c28b7da3896ac0d702fd718d140572fb95be2826d945fede0cafa98ac2ebfe18092b4911da1f247f9bb2c38eb3cfec8d106d8422f256c9711e
-
SSDEEP
3072:soy8j7VnNdrPHaSekwi+mW+2AU1P1out:c8jZ7rvaU3+mWr51toS
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
UAC bypass
-
ModiLoader Second Stage
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-