General
Target: aa256ce88da6d63d9033329e54a64a39f3e846a347c0137319b7c5eb699877f2
Size: 389KB
Sample: 221106-jn6ebadafj
MD5: 400fb8ad495bdc7fc1c75d705f40f050
SHA1: 03dc6874ad88c025aa4e7d267cd5804e3a5c97e7
SHA256: aa256ce88da6d63d9033329e54a64a39f3e846a347c0137319b7c5eb699877f2
SHA512: d64fd05f218b2d0cb765bfa8a0e63fefd0ce91c6485d468582ef22f54128a92c06f5e1e85adf3f6f5f22337012d8a26d270041a30b359ee7c5052edc790b1d5b
SSDEEP: 6144:ZBHwn18nwD+OkWgHNsPODCtObDIffa+enBrhThmhZcJcaIqkFd15FULlH+y/jmAU:rkyOkdu2eQPIfS+enTYb9qSzFULJFm9
Static task: static1
Behavioral task: behavioral1
Sample: aa256ce88da6d63d9033329e54a64a39f3e846a347c0137319b7c5eb699877f2.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: aa256ce88da6d63d9033329e54a64a39f3e846a347c0137319b7c5eb699877f2.exe
Resource: win10v2004-20220901-en
Malware Config
Targets
Target: aa256ce88da6d63d9033329e54a64a39f3e846a347c0137319b7c5eb699877f2
Score: 10/10
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- ModiLoader Second Stage
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory