General
-
Target
ffd9aaab75594402e924111d5d3de999d509ecd0ae684a438609cb825b0781c3
-
Size
635KB
-
Sample
221125-z3gmhaad5v
-
MD5
0f3d57bbfc63403dc20941918d29dba4
-
SHA1
c4293167f4daadbaf02493cf2d5583564e7e61c0
-
SHA256
ffd9aaab75594402e924111d5d3de999d509ecd0ae684a438609cb825b0781c3
-
SHA512
6b7fcccc5b569a1d1fa1915de14efe5d355252453452b01afc97664c1dd70394fb170f9e4502785ff1c3afcde66ab0b1c8b5917e4608e42177d702ec2c6c5963
-
SSDEEP
3072:0/UgvS5YtLDWnRs3R6o/Atccm7x2Ix6hmjxwxufni2xylViCVsE+K1wU7oG2tQdl:wLDmuC61cIxLjxwaXx/CSaVddfTB
Malware Config
Targets
-
-
Target
ffd9aaab75594402e924111d5d3de999d509ecd0ae684a438609cb825b0781c3
-
Size
635KB
-
MD5
0f3d57bbfc63403dc20941918d29dba4
-
SHA1
c4293167f4daadbaf02493cf2d5583564e7e61c0
-
SHA256
ffd9aaab75594402e924111d5d3de999d509ecd0ae684a438609cb825b0781c3
-
SHA512
6b7fcccc5b569a1d1fa1915de14efe5d355252453452b01afc97664c1dd70394fb170f9e4502785ff1c3afcde66ab0b1c8b5917e4608e42177d702ec2c6c5963
-
SSDEEP
3072:0/UgvS5YtLDWnRs3R6o/Atccm7x2Ix6hmjxwxufni2xylViCVsE+K1wU7oG2tQdl:wLDmuC61cIxLjxwaXx/CSaVddfTB
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-