General
-
Target
adb3a7256761e20f71dc304d6192401256b13c22a5673caefd3424739d62b1c5
-
Size
518KB
-
Sample
221201-pf8glafd74
-
MD5
7c1a10f9803c85722fbc9217ff17b1c8
-
SHA1
15ac51584261128f99dbb0160c2d5ff964b528ab
-
SHA256
adb3a7256761e20f71dc304d6192401256b13c22a5673caefd3424739d62b1c5
-
SHA512
6281c932c6e04097715596e4d5f36df35980b820da36565b63f190ec213b0c88cbae6873e665dd7a605d2f8cc60da2c1cee9ac7ba461f0d1559bd2ce77cf5f3e
-
SSDEEP
12288:vTLVX35sD+8fKtRF8V9XVmF8R1GiOBv2BThZ0v/oSM:vTISBRFWgeR10Bv2BTUv2
Malware Config
Targets
-
-
Target
adb3a7256761e20f71dc304d6192401256b13c22a5673caefd3424739d62b1c5
-
Size
518KB
-
MD5
7c1a10f9803c85722fbc9217ff17b1c8
-
SHA1
15ac51584261128f99dbb0160c2d5ff964b528ab
-
SHA256
adb3a7256761e20f71dc304d6192401256b13c22a5673caefd3424739d62b1c5
-
SHA512
6281c932c6e04097715596e4d5f36df35980b820da36565b63f190ec213b0c88cbae6873e665dd7a605d2f8cc60da2c1cee9ac7ba461f0d1559bd2ce77cf5f3e
-
SSDEEP
12288:vTLVX35sD+8fKtRF8V9XVmF8R1GiOBv2BThZ0v/oSM:vTISBRFWgeR10Bv2BTUv2
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
ModiLoader Second Stage
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-