General
Target: feb4160c04797471ba1ee5673f181e719706f5950eecbb119de20575dc9612a6
Size: 76KB
Sample: 221128-btgzxahh21
MD5: 224eafc304152362f7da0a216c4d4afa
SHA1: 363a0434337e70d7a65d9f6f244c37c192f1381e
SHA256: feb4160c04797471ba1ee5673f181e719706f5950eecbb119de20575dc9612a6
SHA512: 32da63ae2492a2b1cd7e92525e36175bf46f80f33108dc551b6a59a38e57ba3c29a7c9adfbdee03625e591781293bdb16db548413c917a74e4b0d9fa0a1b3bea
SSDEEP: 1536:NQ1uILGBZbj4GUUQT0DrXJ6xOWtGcjt7+7Jriua/wd/x4Hyfh:NQoOG/Xth9DrXJmOWtGcjtS7Juurd/+w
Static task: static1
Behavioral task: behavioral1
  Sample: feb4160c04797471ba1ee5673f181e719706f5950eecbb119de20575dc9612a6.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: feb4160c04797471ba1ee5673f181e719706f5950eecbb119de20575dc9612a6.exe
  Resource: win10v2004-20220812-en
Malware Config
Targets
Score: 10/10
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext