General
-
Target
8bc24230a50e2864376c60ed35d70d5c6afc6f51083c28faef9e9a06e96fb5dc
-
Size
108KB
-
Sample
221126-we6d6sfe8s
-
MD5
7f153c69e1c47f2d2488db26caf1bb59
-
SHA1
da6cba4f375d8a48c352b8324da69db6fc04533a
-
SHA256
8bc24230a50e2864376c60ed35d70d5c6afc6f51083c28faef9e9a06e96fb5dc
-
SHA512
8a4618b5919dc190c87715c5478bdf5b3256ba6990d3ffcd45f7466fca055412f6f2bd847252d00a63b981d9219ab2ac72f8b2f4e2b8cf9dbabd3cdd0c1c1523
-
SSDEEP
3072:f1+MJKrUnFYY5z1i0Nmbi5fJBNFSg7out:FIrPj0NmWtNFSg7oS
Malware Config
Targets
-
-
Target
8bc24230a50e2864376c60ed35d70d5c6afc6f51083c28faef9e9a06e96fb5dc
-
Size
108KB
-
MD5
7f153c69e1c47f2d2488db26caf1bb59
-
SHA1
da6cba4f375d8a48c352b8324da69db6fc04533a
-
SHA256
8bc24230a50e2864376c60ed35d70d5c6afc6f51083c28faef9e9a06e96fb5dc
-
SHA512
8a4618b5919dc190c87715c5478bdf5b3256ba6990d3ffcd45f7466fca055412f6f2bd847252d00a63b981d9219ab2ac72f8b2f4e2b8cf9dbabd3cdd0c1c1523
-
SSDEEP
3072:f1+MJKrUnFYY5z1i0Nmbi5fJBNFSg7out:FIrPj0NmWtNFSg7oS
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
UAC bypass
-
ModiLoader Second Stage
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-