General
-
Target
411c10491ceca5febe92be42ce2fbb3110ad8330d13a9d354c2f3bbbca4b070e
-
Size
113KB
-
Sample
221201-k8fvtsde93
-
MD5
27eb476837647fc82c8b7da199d45bf0
-
SHA1
a346e377217b892ef1676f6d15979908568628dd
-
SHA256
411c10491ceca5febe92be42ce2fbb3110ad8330d13a9d354c2f3bbbca4b070e
-
SHA512
6e9cc27a5861b6479e1e7ec45cdb63557df3a9b53e76f4a8c511425419f6b3f8f77f3a2fe64f6e827f75a817b370bb618cad4240239ca4352cbd1820e833c9a3
-
SSDEEP
3072:o1+MJKrUnFYY5z1i0Nmbi5fJBN7yEf9Sout:QIrPj0NmWtN7yEf0oS
Malware Config
Targets
-
-
Target
411c10491ceca5febe92be42ce2fbb3110ad8330d13a9d354c2f3bbbca4b070e
-
Size
113KB
-
MD5
27eb476837647fc82c8b7da199d45bf0
-
SHA1
a346e377217b892ef1676f6d15979908568628dd
-
SHA256
411c10491ceca5febe92be42ce2fbb3110ad8330d13a9d354c2f3bbbca4b070e
-
SHA512
6e9cc27a5861b6479e1e7ec45cdb63557df3a9b53e76f4a8c511425419f6b3f8f77f3a2fe64f6e827f75a817b370bb618cad4240239ca4352cbd1820e833c9a3
-
SSDEEP
3072:o1+MJKrUnFYY5z1i0Nmbi5fJBN7yEf9Sout:QIrPj0NmWtN7yEf0oS
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
UAC bypass
-
ModiLoader Second Stage
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-