General
-
Target
2e19930da2b987b4e65eacc79f0df605b89d1135ee6d1d6c3cfd857a2989aa23
-
Size
488KB
-
Sample
221129-jx31jsdh9v
-
MD5
5db1f0b7430b6508d25e627a60cf4f70
-
SHA1
527f235665a42bbc465867715ea0e13ebc3b3bae
-
SHA256
2e19930da2b987b4e65eacc79f0df605b89d1135ee6d1d6c3cfd857a2989aa23
-
SHA512
602714806064a519af872985fa44253c6daf6a5fec32dc056494a983fd85e270cfd102157b9058fc52fb53026fea65f8ac6fd922e17064df96aee4b27661467f
-
SSDEEP
6144:PuUnSO2GjZkD10BIY3rb1YfBdfpoZ3u/Ht52w6JSeiFPXRo6LjLy84uc:lnx2GjMY3XKfd/H/9Pm6Lv+uc
Behavioral task
behavioral1
Sample
2e19930da2b987b4e65eacc79f0df605b89d1135ee6d1d6c3cfd857a2989aa23.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
2e19930da2b987b4e65eacc79f0df605b89d1135ee6d1d6c3cfd857a2989aa23.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
2e19930da2b987b4e65eacc79f0df605b89d1135ee6d1d6c3cfd857a2989aa23
-
Size
488KB
-
MD5
5db1f0b7430b6508d25e627a60cf4f70
-
SHA1
527f235665a42bbc465867715ea0e13ebc3b3bae
-
SHA256
2e19930da2b987b4e65eacc79f0df605b89d1135ee6d1d6c3cfd857a2989aa23
-
SHA512
602714806064a519af872985fa44253c6daf6a5fec32dc056494a983fd85e270cfd102157b9058fc52fb53026fea65f8ac6fd922e17064df96aee4b27661467f
-
SSDEEP
6144:PuUnSO2GjZkD10BIY3rb1YfBdfpoZ3u/Ht52w6JSeiFPXRo6LjLy84uc:lnx2GjMY3XKfd/H/9Pm6Lv+uc
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-