General
-
Target
9cfcd7cc477b78c554c9f88c60dfd073a17af09872663d15bc689493f5e78053
-
Size
110KB
-
Sample
221126-ccr9zsdd33
-
MD5
a0a4452bf9d24f1082680bd6052b9fd0
-
SHA1
150cbac129712a7f58710c8b5d4999163f240223
-
SHA256
9cfcd7cc477b78c554c9f88c60dfd073a17af09872663d15bc689493f5e78053
-
SHA512
f8cedd2898376d8b57c68df13f5e7ff43cdcaff5fa09c1903eb26833241b04fa37a7535cf1cf73cd6c993d3a7b8269c9913fe910d61f5df5e50cc39938ae5ae1
-
SSDEEP
3072:G1+MJKrUnFYY5z1i0Nmbi5fJBN1O581esZXjout:OIrPj0NmWtN1d1esFjoS
Malware Config
Targets
-
-
Target
9cfcd7cc477b78c554c9f88c60dfd073a17af09872663d15bc689493f5e78053
-
Size
110KB
-
MD5
a0a4452bf9d24f1082680bd6052b9fd0
-
SHA1
150cbac129712a7f58710c8b5d4999163f240223
-
SHA256
9cfcd7cc477b78c554c9f88c60dfd073a17af09872663d15bc689493f5e78053
-
SHA512
f8cedd2898376d8b57c68df13f5e7ff43cdcaff5fa09c1903eb26833241b04fa37a7535cf1cf73cd6c993d3a7b8269c9913fe910d61f5df5e50cc39938ae5ae1
-
SSDEEP
3072:G1+MJKrUnFYY5z1i0Nmbi5fJBN1O581esZXjout:OIrPj0NmWtN1d1esFjoS
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
UAC bypass
-
ModiLoader Second Stage
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-