General
-
Target
85aeac884c7763593e7a2d0ff6567ee9ecc805be4019ad6bb88ad178af65dbc5
-
Size
2.2MB
-
Sample
221125-l8j3xsdc9y
-
MD5
6ca4faf256bbd6ff2f95829f48a2374f
-
SHA1
49fae735ff368b5b2e2ee9bf2fffd20fca1a0f31
-
SHA256
85aeac884c7763593e7a2d0ff6567ee9ecc805be4019ad6bb88ad178af65dbc5
-
SHA512
51ed888565b5b99eb17eb433a717934ac2b646839a1624adf83313fef82e6adb1780e48fd37d6c0bd478de8ecbe97a3dea29653af5fd1f54260345b9a9ba798e
-
SSDEEP
49152:HpMRn2NcS7sE5pkKDGKffsAwLkTYMeIEj:HpMR2NJ3ffsAwgTYMFEj
Malware Config
Targets
-
-
Target
85aeac884c7763593e7a2d0ff6567ee9ecc805be4019ad6bb88ad178af65dbc5
-
Size
2.2MB
-
MD5
6ca4faf256bbd6ff2f95829f48a2374f
-
SHA1
49fae735ff368b5b2e2ee9bf2fffd20fca1a0f31
-
SHA256
85aeac884c7763593e7a2d0ff6567ee9ecc805be4019ad6bb88ad178af65dbc5
-
SHA512
51ed888565b5b99eb17eb433a717934ac2b646839a1624adf83313fef82e6adb1780e48fd37d6c0bd478de8ecbe97a3dea29653af5fd1f54260345b9a9ba798e
-
SSDEEP
49152:HpMRn2NcS7sE5pkKDGKffsAwLkTYMeIEj:HpMR2NJ3ffsAwgTYMFEj
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader First Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-