General
-
Target
1044497578095523c650c847a7fa04358d1454f66188b6fc1893b31a3747a418
-
Size
110KB
-
Sample
221128-kqsrnsah24
-
MD5
7a582409e283366413c50430e7904f4b
-
SHA1
bbe73b1346732596ddf93cde4863d356c2b7b776
-
SHA256
1044497578095523c650c847a7fa04358d1454f66188b6fc1893b31a3747a418
-
SHA512
223c83445e77f27f93f12f3ac98c64e05b59f9a7c5cad68c3d06c36486e7ad8aafa95591bac254ca064f3e319df407e865b69e6688f445843c08ae4425f19ec2
-
SSDEEP
1536:+YKd0/JcdrcNHI7bu/83HjaQWTCCS64L5vijrNw2XFfphlwG7z9/bSZvzsiQwSd+:JKP9/ZqT/2qJphlHf9/bS9zsrwS8
Malware Config
Targets
-
-
Target
1044497578095523c650c847a7fa04358d1454f66188b6fc1893b31a3747a418
-
Size
110KB
-
MD5
7a582409e283366413c50430e7904f4b
-
SHA1
bbe73b1346732596ddf93cde4863d356c2b7b776
-
SHA256
1044497578095523c650c847a7fa04358d1454f66188b6fc1893b31a3747a418
-
SHA512
223c83445e77f27f93f12f3ac98c64e05b59f9a7c5cad68c3d06c36486e7ad8aafa95591bac254ca064f3e319df407e865b69e6688f445843c08ae4425f19ec2
-
SSDEEP
1536:+YKd0/JcdrcNHI7bu/83HjaQWTCCS64L5vijrNw2XFfphlwG7z9/bSZvzsiQwSd+:JKP9/ZqT/2qJphlHf9/bS9zsrwS8
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-