General
- Target: 2bf25cedadf332c7c704b35eebd78182f8f35b85d77a110dfb62c7761ab81080
- Size: 348KB
- Sample: 221126-akmclaha64
- MD5: e8e241226dbaedb679b3d460fa347d07
- SHA1: c0e193184cc3425a816797567484df2923b73c1a
- SHA256: 2bf25cedadf332c7c704b35eebd78182f8f35b85d77a110dfb62c7761ab81080
- SHA512: b5dc08603a21091b14591f2840daea94e6ef9d2ca39cd68ddc1597b1536b9d7af2d76229fe20809772a01e5fa44d009f6cc5d974fd0da357b7f67c963faba577
- SSDEEP: 6144:9QM1JNEHkOHHb/xKv3huj63yTVn3LRvO+S6f7bUtuh:uOJNUkOcYjag3hO+S6f7b/
Static task: static1
Behavioral task: behavioral1
- Sample: 2bf25cedadf332c7c704b35eebd78182f8f35b85d77a110dfb62c7761ab81080.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 2bf25cedadf332c7c704b35eebd78182f8f35b85d77a110dfb62c7761ab81080.exe
- Resource: win10v2004-20221111-en
Malware Config
Targets
- Target: 2bf25cedadf332c7c704b35eebd78182f8f35b85d77a110dfb62c7761ab81080
- Size: 348KB
- MD5: e8e241226dbaedb679b3d460fa347d07
- SHA1: c0e193184cc3425a816797567484df2923b73c1a
- SHA256: 2bf25cedadf332c7c704b35eebd78182f8f35b85d77a110dfb62c7761ab81080
- SHA512: b5dc08603a21091b14591f2840daea94e6ef9d2ca39cd68ddc1597b1536b9d7af2d76229fe20809772a01e5fa44d009f6cc5d974fd0da357b7f67c963faba577
- SSDEEP: 6144:9QM1JNEHkOHHb/xKv3huj63yTVn3LRvO+S6f7bUtuh:uOJNUkOcYjag3hO+S6f7b/
Score: 10/10
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Modifies WinLogon for persistence
- ModiLoader Second Stage
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext