General
Target: 940073f8271ebf8af00b1a805a635827fa9083123b571fce1acffca229b9e249
Size: 130KB
Sample: 221126-ld7kqsgc46
MD5: c025f4a90e28ab6fda40da5cd029a281
SHA1: 9ae58932a63684613614a29ab5b8927f89c53739
SHA256: 940073f8271ebf8af00b1a805a635827fa9083123b571fce1acffca229b9e249
SHA512: 37cf8f441d16a500e849824c00b65af7a6ed28d85dcde7ab2207a94af0afa3ac7c185a0e6971902947bf84e87fbdad1d967358819ba6f25ddbb66f3f7abf8176
SSDEEP: 3072:tnFnEqcTCJROHh+/VU7o/HGdKk0x3uy0rVX:tnFnEqcTCJROB+t0o/HM0xeht
Static task: static1
Behavioral task: behavioral1
Sample: 940073f8271ebf8af00b1a805a635827fa9083123b571fce1acffca229b9e249.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 940073f8271ebf8af00b1a805a635827fa9083123b571fce1acffca229b9e249.exe
Resource: win10v2004-20221111-en
Malware Config
Targets
Score: 10/10
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext