General
-
Target
f83a681bbba9da64244f71dcca0e5f8981138bd34a22c975a591952397ec6927
-
Size
287KB
-
Sample
221130-3kelzaeg44
-
MD5
ac05375ca7a9d2877805b5314f7605f5
-
SHA1
7d8cf73c494df1bb9fcee0b1ffcb404865e72fec
-
SHA256
f83a681bbba9da64244f71dcca0e5f8981138bd34a22c975a591952397ec6927
-
SHA512
48c6f8af1dd6ffb15178bd937e13b40b5a34aa84a5648085cd31c58abe8065b84c8f23b2262118a7a13d4ced0448157faef2b981befeff1d78a43ff4db0e0a53
-
SSDEEP
6144:OG377xS2Vp2CeiorXdwTBgWx42E53wVpcCJJvHp:tr7xS2Vp6RwTyCvBVbJJvHp
Malware Config
Targets
-
-
Target
f83a681bbba9da64244f71dcca0e5f8981138bd34a22c975a591952397ec6927
-
Size
287KB
-
MD5
ac05375ca7a9d2877805b5314f7605f5
-
SHA1
7d8cf73c494df1bb9fcee0b1ffcb404865e72fec
-
SHA256
f83a681bbba9da64244f71dcca0e5f8981138bd34a22c975a591952397ec6927
-
SHA512
48c6f8af1dd6ffb15178bd937e13b40b5a34aa84a5648085cd31c58abe8065b84c8f23b2262118a7a13d4ced0448157faef2b981befeff1d78a43ff4db0e0a53
-
SSDEEP
6144:OG377xS2Vp2CeiorXdwTBgWx42E53wVpcCJJvHp:tr7xS2Vp6RwTyCvBVbJJvHp
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
UAC bypass
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-