General
-
Target
8db7e68544f7c3b81a16ac7c2b2f0d2aa3b53aa9bffdef14699ab45d4bbf96c9
-
Size
1.1MB
-
Sample
221129-gcefcaaf62
-
MD5
58402abe7ecced2abd8fe481a4bf9850
-
SHA1
b1a459210ade7c983b6cdabfbf4616aa9a5715ae
-
SHA256
8db7e68544f7c3b81a16ac7c2b2f0d2aa3b53aa9bffdef14699ab45d4bbf96c9
-
SHA512
07b39030db9d90fce0d51b69e45efc15aee7e0bbc860cd61fc66e83cd883452534fbca3366cb4beb939b1de6b52db513cf649999da86a7cabd2cbf942007ba7b
-
SSDEEP
24576:OvwQyBaWnBCqyaaNCM2OAjpuDqhweV/ONdm:OvlyBaWntyrNBlA9uGhwvNdm
Static task
static1
Behavioral task
behavioral1
Sample
8db7e68544f7c3b81a16ac7c2b2f0d2aa3b53aa9bffdef14699ab45d4bbf96c9.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
8db7e68544f7c3b81a16ac7c2b2f0d2aa3b53aa9bffdef14699ab45d4bbf96c9.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
8db7e68544f7c3b81a16ac7c2b2f0d2aa3b53aa9bffdef14699ab45d4bbf96c9
-
Size
1.1MB
-
MD5
58402abe7ecced2abd8fe481a4bf9850
-
SHA1
b1a459210ade7c983b6cdabfbf4616aa9a5715ae
-
SHA256
8db7e68544f7c3b81a16ac7c2b2f0d2aa3b53aa9bffdef14699ab45d4bbf96c9
-
SHA512
07b39030db9d90fce0d51b69e45efc15aee7e0bbc860cd61fc66e83cd883452534fbca3366cb4beb939b1de6b52db513cf649999da86a7cabd2cbf942007ba7b
-
SSDEEP
24576:OvwQyBaWnBCqyaaNCM2OAjpuDqhweV/ONdm:OvlyBaWntyrNBlA9uGhwvNdm
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-