General
-
Target
6092fa957812ad737266085d5a5ef72952798ecde71acad660455036e1bae872
-
Size
136KB
-
Sample
221020-lq19gsgadl
-
MD5
802f1229eadea45fa845b3c7c099ccc9
-
SHA1
438e303ef4e161421230977ad3fac84a346e7725
-
SHA256
6092fa957812ad737266085d5a5ef72952798ecde71acad660455036e1bae872
-
SHA512
08cac56ff6c8efe28d0a3aeaf41205bd5acf3251639195a9f1f63667be2fb9870e5c7bd44bbc3120a69c3dc5261d2d3b381327226889dd10b67472083bd3221b
-
SSDEEP
3072:Nioy8j7VnNdrPHaSekwi+mWSanLoTEssout/p:Ny8jZ7rvaU3+mW3LzXoS/
Malware Config
Targets
-
-
Target
6092fa957812ad737266085d5a5ef72952798ecde71acad660455036e1bae872
-
Size
136KB
-
MD5
802f1229eadea45fa845b3c7c099ccc9
-
SHA1
438e303ef4e161421230977ad3fac84a346e7725
-
SHA256
6092fa957812ad737266085d5a5ef72952798ecde71acad660455036e1bae872
-
SHA512
08cac56ff6c8efe28d0a3aeaf41205bd5acf3251639195a9f1f63667be2fb9870e5c7bd44bbc3120a69c3dc5261d2d3b381327226889dd10b67472083bd3221b
-
SSDEEP
3072:Nioy8j7VnNdrPHaSekwi+mWSanLoTEssout/p:Ny8jZ7rvaU3+mW3LzXoS/
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
UAC bypass
-
ModiLoader Second Stage
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-