General
- Target: e514382ffdd3d60fe257d4243f8960c81bba4935ad0f5d485e39a77fac63eacb
- Size: 441KB
- Sample: 221126-sl8w4ada32
- MD5: 248d93c80c5c4eb6c9294ad7d83c1afc
- SHA1: f2a934566c9c07afe26cb9d6147dbee3e9e5493e
- SHA256: e514382ffdd3d60fe257d4243f8960c81bba4935ad0f5d485e39a77fac63eacb
- SHA512: 8d824521db2f8f62cbb78c40db18b17643987acff9df3a7cff3d23824578dc007d9540285bbb2fbf280402c59f5743ec61a6217528a65b77df46631b91b026b0
- SSDEEP: 3072:WfNkW+exbiDypkGYhnPypkGYhnCFGbB/B7jWlyAKjaZDG7R1BkANIBWftz/tvvCJ:WFkWpmhnapmhn17R1BkAsWh/KydvSuK
Static task: static1
Behavioral task: behavioral1
- Sample: e514382ffdd3d60fe257d4243f8960c81bba4935ad0f5d485e39a77fac63eacb.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: e514382ffdd3d60fe257d4243f8960c81bba4935ad0f5d485e39a77fac63eacb.exe
- Resource: win10v2004-20221111-en
Malware Config
Targets
- Target: e514382ffdd3d60fe257d4243f8960c81bba4935ad0f5d485e39a77fac63eacb (441KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext