General
- Target: 59f4e4afb1ae84ff796cf98b8f2c8647f7252fc7ffd0e461197b7d6d944f75f1
- Size: 1.2MB
- Sample: 221126-pzj84sge2x
- MD5: 75bec87a8dc506914d536a117fb9c6f8
- SHA1: 239e218830911e7e8513886e465eeee966671919
- SHA256: 59f4e4afb1ae84ff796cf98b8f2c8647f7252fc7ffd0e461197b7d6d944f75f1
- SHA512: 0e07a62f20dfcb8b3ad1b52c5901d963edcde45022bbcef75ce2fb2c7f1822b6f02f8b189909b5f2f466f02534346daa9ad88829af0310ecc91b2d9ce814cadd
- SSDEEP: 24576:LxBgcKNYRmJkcoQricOIQxiZY1iawTB/PPfNW:LTKTJZoQrbTFZY1iawxVW
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 59f4e4afb1ae84ff796cf98b8f2c8647f7252fc7ffd0e461197b7d6d944f75f1.exe
  - Resource: win7-20220812-en
Behavioral task
- behavioral2
  - Sample: 59f4e4afb1ae84ff796cf98b8f2c8647f7252fc7ffd0e461197b7d6d944f75f1.exe
  - Resource: win10v2004-20220812-en
Malware Config
Targets
Score: 10/10
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext