General
-
Target
5ebf68b456b5bb3e70f1dfe6d790c9caf7486dfce700dca2c6e373dbdf8fb0a4
-
Size
686KB
-
Sample
221128-fzr5aada9w
-
MD5
68472da76023ead28fb65a00affc13f0
-
SHA1
2147b9a9b2a67e16322147df1c4387beab974b16
-
SHA256
5ebf68b456b5bb3e70f1dfe6d790c9caf7486dfce700dca2c6e373dbdf8fb0a4
-
SHA512
bf82c0fcc995aa713ebbe81fe85c6e3ab29aad2c855884028c5905dc408dfd473817e3b8b8ee4ff933b64a7f9a96765f39b682e0491b1845815f387c50b1aeee
-
SSDEEP
12288:Jjtju6APFo38dPbUpLbQJNBWQ4frvFa4w65DdaN3Rus0SDggZ6YcaPhFTUaM9tnA:VAPq3SbUeXorvjw0daFRr0S0grcIj5MQ
Malware Config
Targets
-
-
Target
5ebf68b456b5bb3e70f1dfe6d790c9caf7486dfce700dca2c6e373dbdf8fb0a4
-
Size
686KB
-
MD5
68472da76023ead28fb65a00affc13f0
-
SHA1
2147b9a9b2a67e16322147df1c4387beab974b16
-
SHA256
5ebf68b456b5bb3e70f1dfe6d790c9caf7486dfce700dca2c6e373dbdf8fb0a4
-
SHA512
bf82c0fcc995aa713ebbe81fe85c6e3ab29aad2c855884028c5905dc408dfd473817e3b8b8ee4ff933b64a7f9a96765f39b682e0491b1845815f387c50b1aeee
-
SSDEEP
12288:Jjtju6APFo38dPbUpLbQJNBWQ4frvFa4w65DdaN3Rus0SDggZ6YcaPhFTUaM9tnA:VAPq3SbUeXorvjw0daFRr0S0grcIj5MQ
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
UAC bypass
-
ModiLoader Second Stage
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-