General
-
Target
78fee803cb69e5290187853496d3babb4a92e28045b38df8770f009862387c5a
-
Size
215KB
-
Sample
221014-lref4shhf5
-
MD5
6cb5aa913db225a420e922eac95e1350
-
SHA1
b751a86f27417b543a6a5b651f22a513abebb651
-
SHA256
78fee803cb69e5290187853496d3babb4a92e28045b38df8770f009862387c5a
-
SHA512
7004de67290b129393bb5df36e551dde19d010119c3cab911a841d6d1f5d3c4826e2e988767ce3c68f8165008baf1b7736cb4d7b81da47b375a870fbc42c5a29
-
SSDEEP
3072:joy8j7VnNdrPHaSekwi+mWrAw6TiPE0sqoutaQWO3oNPUWpvfH7thjXItPGx:D8jZ7rvaU3+mW8TIoSZWVVUmf/aPG
Malware Config
Targets
-
-
Target
78fee803cb69e5290187853496d3babb4a92e28045b38df8770f009862387c5a
-
Size
215KB
-
MD5
6cb5aa913db225a420e922eac95e1350
-
SHA1
b751a86f27417b543a6a5b651f22a513abebb651
-
SHA256
78fee803cb69e5290187853496d3babb4a92e28045b38df8770f009862387c5a
-
SHA512
7004de67290b129393bb5df36e551dde19d010119c3cab911a841d6d1f5d3c4826e2e988767ce3c68f8165008baf1b7736cb4d7b81da47b375a870fbc42c5a29
-
SSDEEP
3072:joy8j7VnNdrPHaSekwi+mWrAw6TiPE0sqoutaQWO3oNPUWpvfH7thjXItPGx:D8jZ7rvaU3+mW8TIoSZWVVUmf/aPG
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
UAC bypass
-
ModiLoader Second Stage
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-