General
-
Target
8f8653112816d42653f9b33330762c3116fff6b9b844c82bbdf719516bc08b27
-
Size
128KB
-
Sample
221128-fas1aafc34
-
MD5
71551782d47b92b80486f82e858b1ed2
-
SHA1
e4a0e060964ea2a20d0d2840b88b352d84157953
-
SHA256
8f8653112816d42653f9b33330762c3116fff6b9b844c82bbdf719516bc08b27
-
SHA512
d91501c79018cd042dce05bf3d93fc4efe67e4f10877825242c705dce3b719fd0f1af5a4a29eb29f76672322771cad560a7d702789daa086c1291450979da756
-
SSDEEP
1536:iT5P8baNnG32h4lUnGUK7PeB5/qKbFUt3x/BNgfZKKha3luHBVZx84WQmyyyb2I9:Qqd2h4XLPq9bFcgfIKhaVCiEQ0dj6c
Malware Config
Targets
-
-
Target
8f8653112816d42653f9b33330762c3116fff6b9b844c82bbdf719516bc08b27
-
Size
128KB
-
MD5
71551782d47b92b80486f82e858b1ed2
-
SHA1
e4a0e060964ea2a20d0d2840b88b352d84157953
-
SHA256
8f8653112816d42653f9b33330762c3116fff6b9b844c82bbdf719516bc08b27
-
SHA512
d91501c79018cd042dce05bf3d93fc4efe67e4f10877825242c705dce3b719fd0f1af5a4a29eb29f76672322771cad560a7d702789daa086c1291450979da756
-
SSDEEP
1536:iT5P8baNnG32h4lUnGUK7PeB5/qKbFUt3x/BNgfZKKha3luHBVZx84WQmyyyb2I9:Qqd2h4XLPq9bFcgfIKhaVCiEQ0dj6c
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
UAC bypass
-
ModiLoader Second Stage
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-