General
-
Target
424ecf311d1de09c9854d6d1887cd03be0e4b6359b97f893af607fd4b08d6697
-
Size
492KB
-
Sample
221123-tb9lbagf9v
-
MD5
41a48d29bad8973ec887c07a73b0ca7a
-
SHA1
21f9362ff1bd54f0c6a92db1388e1bccb2b6caa1
-
SHA256
424ecf311d1de09c9854d6d1887cd03be0e4b6359b97f893af607fd4b08d6697
-
SHA512
e0ce1653c72221a5338a36aa61cbeda2b92dae8316974feb4117ccfe78f43f3522ab0e19aeb270853c88e53be676d9e489785e7f95bc1259edd47fcf16c72bba
-
SSDEEP
12288:JjuTkMa586N2rAs3e3D35UQpXyjWz8iu6pqXALLbr2U7QFxyzw:JsUNl6yD2KXYWzj3rZQFz
Static task
static1
Behavioral task
behavioral1
Sample
424ecf311d1de09c9854d6d1887cd03be0e4b6359b97f893af607fd4b08d6697.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
424ecf311d1de09c9854d6d1887cd03be0e4b6359b97f893af607fd4b08d6697.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
424ecf311d1de09c9854d6d1887cd03be0e4b6359b97f893af607fd4b08d6697
-
Size
492KB
-
MD5
41a48d29bad8973ec887c07a73b0ca7a
-
SHA1
21f9362ff1bd54f0c6a92db1388e1bccb2b6caa1
-
SHA256
424ecf311d1de09c9854d6d1887cd03be0e4b6359b97f893af607fd4b08d6697
-
SHA512
e0ce1653c72221a5338a36aa61cbeda2b92dae8316974feb4117ccfe78f43f3522ab0e19aeb270853c88e53be676d9e489785e7f95bc1259edd47fcf16c72bba
-
SSDEEP
12288:JjuTkMa586N2rAs3e3D35UQpXyjWz8iu6pqXALLbr2U7QFxyzw:JsUNl6yD2KXYWzj3rZQFz
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modifies visiblity of hidden/system files in Explorer
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-