General
-
Target
6dc472ca99051165d6cf2f2b0807380c60ef556f49835941e41f9f9fb183c05b
-
Size
108KB
-
Sample
221030-sqbgdsgghm
-
MD5
82cb127950bd78e3d111f3e1a56cd7cd
-
SHA1
6eeafd847d681f7ecd2d2a8b6e97d0a909c96ab1
-
SHA256
6dc472ca99051165d6cf2f2b0807380c60ef556f49835941e41f9f9fb183c05b
-
SHA512
c1810cd8c6061ecadfefb7c455e7645f80ed848d63ff5be89a2bd311887517f3c71dc3bcd2df88d2981fce5dd7da557f38b70044850f12be08134811c0d41b18
-
SSDEEP
1536:sWbEbt5nLgdnfeKDIy4jwBjZZN33ejz3VcP9EQv+K5NM9je5n:sWbEsn7Iy4ojt36zOOqHR
Malware Config
Targets
-
-
Target
6dc472ca99051165d6cf2f2b0807380c60ef556f49835941e41f9f9fb183c05b
-
Size
108KB
-
MD5
82cb127950bd78e3d111f3e1a56cd7cd
-
SHA1
6eeafd847d681f7ecd2d2a8b6e97d0a909c96ab1
-
SHA256
6dc472ca99051165d6cf2f2b0807380c60ef556f49835941e41f9f9fb183c05b
-
SHA512
c1810cd8c6061ecadfefb7c455e7645f80ed848d63ff5be89a2bd311887517f3c71dc3bcd2df88d2981fce5dd7da557f38b70044850f12be08134811c0d41b18
-
SSDEEP
1536:sWbEbt5nLgdnfeKDIy4jwBjZZN33ejz3VcP9EQv+K5NM9je5n:sWbEsn7Iy4ojt36zOOqHR
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-