General
Target: cec38dab7cb263d1cd96f3908a87d7282df4dcdf3e362b773414e4a2d766862d
Size: 443KB
Sample: 221126-vvz2naea6x
MD5: 3e9b02fef05c3364a4d688f3b7ea8741
SHA1: ecb95240df4befdbdc96e3697b13a32a43296095
SHA256: cec38dab7cb263d1cd96f3908a87d7282df4dcdf3e362b773414e4a2d766862d
SHA512: 1fa50f692e8be489ae923ec0e5fec8aca41e7eaba32d4471e795051be2ffb8040c569b246ff351c3e49a6056eea027113baf1c94bff890aebcd83062606fbe29
SSDEEP: 12288:XFJs3XraGmcmd/26o9juQ+pDQZPCgev4YYbTu:Xjs3XFxxpJ+pDKQJoTu
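A quick way to confirm that a file you have been handed is the one this report describes, as an added example that is not part of the report or of the sandbox's own code: it computes all four digests in one pass over the file, compares them case-insensitively with the values above, and parses the ssdeep signature so that candidates can be pre-filtered by block size before running a fuzzy-hash comparison. The hash values are copied from the report; the sample file path on the command line is an assumption.

```python
"""Check a local file against the indicators published in the report.

Added example, not part of the original report or of the sandbox's own code.
REPORT_IOCS and REPORT_SSDEEP are copied from the report; the sample file path
passed on the command line is an assumption.
"""
import hashlib
from pathlib import Path

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Copied from the report above.
REPORT_IOCS = {
    "md5": "3e9b02fef05c3364a4d688f3b7ea8741",
    "sha1": "ecb95240df4befdbdc96e3697b13a32a43296095",
    "sha256": "cec38dab7cb263d1cd96f3908a87d7282df4dcdf3e362b773414e4a2d766862d",
    "sha512": ("1fa50f692e8be489ae923ec0e5fec8aca41e7eaba32d4471e795051be2ffb80"
               "40c569b246ff351c3e49a6056eea027113baf1c94bff890aebcd83062606fbe29"),
}
REPORT_SSDEEP = "12288:XFJs3XraGmcmd/26o9juQ+pDQZPCgev4YYbTu:Xjs3XFxxpJ+pDKQJoTu"


def hash_bytes(data: bytes, chunk_size: int = 1 << 20) -> dict:
    """Compute all four digests in a single pass so a large sample is read once."""
    digests = {name: hashlib.new(name) for name in ALGOS}
    view = memoryview(data)
    for start in range(0, len(view), chunk_size):
        chunk = view[start:start + chunk_size]
        for h in digests.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in digests.items()}


def hash_file(path) -> dict:
    return hash_bytes(Path(path).read_bytes())


def compare_iocs(computed: dict, expected: dict) -> dict:
    """Per-algorithm match result. Hex case differs between tools, so normalise it;
    a mismatch on any one algorithm means you do not have the reported file."""
    return {algo: computed[algo].lower() == value.lower() for algo, value in expected.items()}


def parse_ssdeep(signature: str) -> tuple:
    """Split 'blocksize:chunk:double_chunk[,"filename"]' into its three parts.
    ssdeep's chunk alphabet is base64, which has no ':', so the split is unambiguous."""
    body = signature.split(",", 1)[0]
    blocksize, chunk, double_chunk = body.split(":", 2)
    return int(blocksize), chunk, double_chunk


def ssdeep_comparable(sig_a: str, sig_b: str) -> bool:
    """ssdeep only scores two signatures whose block sizes are equal or differ by
    exactly a factor of two; any other pair scores 0 without a string comparison,
    so this is a cheap pre-filter over a corpus before the slower similarity scoring."""
    a, b = parse_ssdeep(sig_a)[0], parse_ssdeep(sig_b)[0]
    return a == b or a == 2 * b or b == 2 * a


if __name__ == "__main__":
    import sys
    result = hash_file(sys.argv[1])          # assumed: path to the downloaded sample
    for algo, ok in compare_iocs(result, REPORT_IOCS).items():
        print(f"{algo:6} {'MATCH' if ok else 'MISMATCH'} {result[algo]}")
    print("ssdeep block size in report:", parse_ssdeep(REPORT_SSDEEP)[0])
```

Run it as `python check_iocs.py <file>`; any MISMATCH line means the file on disk is not the sample the report analysed, whatever its name. The block-size check is only a pre-filter: two files with comparable block sizes still need a real ssdeep comparison to get a similarity score.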
Behavioral task: behavioral1
Sample: cec38dab7cb263d1cd96f3908a87d7282df4dcdf3e362b773414e4a2d766862d.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: cec38dab7cb263d1cd96f3908a87d7282df4dcdf3e362b773414e4a2d766862d.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
Target: cec38dab7cb263d1cd96f3908a87d7282df4dcdf3e362b773414e4a2d766862d
Score: 10/10
Signatures
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Executes dropped EXE
- Checks computer location settings: Looks up the country code configured in the registry (the Windows locale value under HKCU\Control Panel\International\Geo), likely used as a geofence.
- Adds Run key to start application: Writes a value under the CurrentVersion\Run key so the application is started again at logon.
- AutoIT Executable: AutoIt scripts compiled to PE executables.
- Suspicious use of SetThreadContext: Typically seen in process hollowing or thread hijacking, where a loader points a suspended thread at injected code before resuming it.
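The persistence and execution behaviours listed above leave traces that can be hunted for on a real endpoint. As an added example, not part of the report or of the sandbox's own signature logic, the following detection runs over constructed Sysmon-style events (Event ID 11 FileCreate, Event ID 1 ProcessCreate, Event ID 13 RegistryEvent value set) and flags a Run/RunOnce value write and an EXE that was executed after being written to a user-writable directory, the two behaviours behind "Adds Run key to start application" and "Executes dropped EXE". Every path, SID and file name in the sample events is made up.

```python
"""Hunt for the report's persistence and execution behaviours in Sysmon telemetry.

Added example, not part of the report or of the sandbox's own signature logic.
The events below are constructed for illustration in the shape of Sysmon fields
(Event ID 11 FileCreate, 1 ProcessCreate, 13 RegistryEvent/SetValue); every path,
SID and file name is made up.
"""
import re

# Autostart values written by the "Adds Run key" behaviour live here (HKCU or HKLM).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$",
    re.IGNORECASE,
)
# Locations a non-elevated loader can drop a second stage into.
USER_WRITABLE_RE = re.compile(
    r"^C:\\Users\\[^\\]+\\(AppData|Downloads|Desktop|Documents)\\|^C:\\ProgramData\\",
    re.IGNORECASE,
)

# Constructed sample events (not real telemetry), in time order.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\user\Desktop\sample.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "Image": r"C:\Users\user\Desktop\sample.exe",
     "TargetFilename": r"C:\Users\user\AppData\Roaming\stage2.exe"},
    {"EventID": 1, "Image": r"C:\Users\user\AppData\Roaming\stage2.exe",
     "ParentImage": r"C:\Users\user\Desktop\sample.exe"},
    {"EventID": 13, "EventType": "SetValue", "Image": r"C:\Users\user\AppData\Roaming\stage2.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\stage2",
     "Details": r"C:\Users\user\AppData\Roaming\stage2.exe"},
    # Benign noise: Explorer's MRU list sits under CurrentVersion but is not an autostart.
    {"EventID": 13, "EventType": "SetValue", "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\a",
     "Details": r"notepad\1"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]


def find_run_key_persistence(events):
    """Every Run/RunOnce value write: (writing image, registry value path, data)."""
    return [
        (e["Image"], e["TargetObject"], e.get("Details", ""))
        for e in events
        if e.get("EventID") == 13 and RUN_KEY_RE.search(e.get("TargetObject", ""))
    ]


def find_dropped_exe_execution(events):
    """Pair a FileCreate with a later ProcessCreate of the same path in a
    user-writable directory: (dropper image, dropped image). Matching is
    case-insensitive because NTFS paths are."""
    dropped_by = {}
    hits = []
    for e in events:                      # events are assumed to be in time order
        if e.get("EventID") == 11:
            dropped_by[e["TargetFilename"].lower()] = e["Image"]
        elif e.get("EventID") == 1:
            image = e["Image"]
            if image.lower() in dropped_by and USER_WRITABLE_RE.search(image):
                hits.append((dropped_by[image.lower()], image))
    return hits


if __name__ == "__main__":
    for hit in find_run_key_persistence(SAMPLE_EVENTS):
        print("run key persistence:", hit)
    for hit in find_dropped_exe_execution(SAMPLE_EVENTS):
        print("dropped exe executed:", hit)
```

On a real host the events come from the Sysmon operational log rather than the inline list; the two functions only rely on the Image, TargetFilename, TargetObject and Details fields, so any parser that yields those as a dict per event can feed them. Registry reads such as the Geo\Nation lookup are not logged by Sysmon, so the geofence check has to be confirmed in a sandbox or debugger rather than from this telemetry.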