General
-
Target
a5a35e5d8a5e778629d06989a3d2b09166a371b4181c8699223ec243e4750cb6
-
Size
179KB
-
Sample
221129-qr83yadb97
-
MD5
6d44cc17089f874f023c405521c6abe5
-
SHA1
7b578b40358098f8daafa529c52d74c563682877
-
SHA256
a5a35e5d8a5e778629d06989a3d2b09166a371b4181c8699223ec243e4750cb6
-
SHA512
f86339e807030e1756e9e229d5e404331c05c48a6054dead794ff58b5ae1fbf9a976250e0280c43b3b31d820b67404dcc16abb24ec4997a100b53fc578cd5f63
-
SSDEEP
3072:roy8j7VnNdrPHaSekwi+mW+2ujQYoutA1WMyTTedLbE1WMyTTedLbm:r8jZ7rvaU3+mWryQYoSoyTTedLAyTTeI
Malware Config
Targets
-
-
Target
a5a35e5d8a5e778629d06989a3d2b09166a371b4181c8699223ec243e4750cb6
-
Size
179KB
-
MD5
6d44cc17089f874f023c405521c6abe5
-
SHA1
7b578b40358098f8daafa529c52d74c563682877
-
SHA256
a5a35e5d8a5e778629d06989a3d2b09166a371b4181c8699223ec243e4750cb6
-
SHA512
f86339e807030e1756e9e229d5e404331c05c48a6054dead794ff58b5ae1fbf9a976250e0280c43b3b31d820b67404dcc16abb24ec4997a100b53fc578cd5f63
-
SSDEEP
3072:roy8j7VnNdrPHaSekwi+mW+2ujQYoutA1WMyTTedLbE1WMyTTedLbm:r8jZ7rvaU3+mWryQYoSoyTTedLAyTTeI
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
UAC bypass
-
ModiLoader Second Stage
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-