General
- Target: 15601a50613c1c00a462a6b5b381e10d1c19ddb422efb36d36d5f8509bd0e0d1
- Size: 260KB
- Sample: 221126-qq7hqafg35
- MD5: 93ce44a772797533db4b8abe76d2f6f8
- SHA1: 153223a76e8f05e69830f5858ad262c12c443e39
- SHA256: 15601a50613c1c00a462a6b5b381e10d1c19ddb422efb36d36d5f8509bd0e0d1
- SHA512: 4b5d4a92973942b00e3c566b3ea19ab59623044454d41b2ba4048c53b004973d0a183aa70f73a59361f12071a70e79bf216c3db2934203e7e3c39bd0b844e37d
- SSDEEP: 6144:x5cbfn/UXFd5qpVvzhu9douIzZPgFTxslFLw:yHUXxqXhu9WuCZPMVEF
Static task: static1
Behavioral task: behavioral1
- Sample: 15601a50613c1c00a462a6b5b381e10d1c19ddb422efb36d36d5f8509bd0e0d1.exe
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: 15601a50613c1c00a462a6b5b381e10d1c19ddb422efb36d36d5f8509bd0e0d1.exe
- Resource: win10v2004-20221111-en
Malware Config
Targets
Score: 10/10
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext