General
Target: ddba2911635fdc50fb044de251ae8759dfb165913e083d4ac143e175d54722bd
Size: 513KB
Sample: 221126-njdwqaea7y
MD5: 36dd4ba09c092bb20016aab069e65f40
SHA1: 059e650a6189940609a0da753146bc25679d6cba
SHA256: ddba2911635fdc50fb044de251ae8759dfb165913e083d4ac143e175d54722bd
SHA512: 4b28d5b26ad44ca10c627b5afa769c840ec205d7c83afc5aba82eb58b2b3a604e8f6e54a844df4eaa52920ac6c113bc33852e0a395a48797cde58bf708858a07
SSDEEP: 3072:AlNWrGWCLn2ikvt2DHr3rFtwQsIM9E+Yt2DLF7teWszboC4OM3:1rGWQHzDtmQsj9JDLdCa3
Static task: static1
Behavioral task: behavioral1
  Sample: ddba2911635fdc50fb044de251ae8759dfb165913e083d4ac143e175d54722bd.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: ddba2911635fdc50fb044de251ae8759dfb165913e083d4ac143e175d54722bd.exe
  Resource: win10v2004-20221111-en
Malware Config
Targets
Target: ddba2911635fdc50fb044de251ae8759dfb165913e083d4ac143e175d54722bd
Score: 10/10
Signatures:
ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
ModiLoader Second Stage
Executes dropped EXE
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext