General

- Target: b91a9aff36f6e8d2c78d1fc2c3fa742d174d56f56e282f04468c90538f54b840
- Size: 880KB
- Sample: 221201-pk8m6abc21
- MD5: 558fb4e70e56f0b4508138c83193f3b1
- SHA1: 2a060a5bc069f368d25c4108bab51fa0041457f4
- SHA256: b91a9aff36f6e8d2c78d1fc2c3fa742d174d56f56e282f04468c90538f54b840
- SHA512: f2c614fe5c8de95a07ddf3e657565310dcc1411f08656739612e9a809bcb9ab7c039dc894c4d2b084defbfb7a49c4f7f2afb15ba08453c926b22a624d7e73b34
- SSDEEP: 12288:nsaY8rzBtQmJa6IurrRDbT3OqiXLQu7N55FoUgUo+GfYB2zsRVrXxHXhRhZvqpHt:B/rzDfjIurrROqiXtAUum2g3Ju78Okt6
Behavioral task: behavioral1

- Sample: b91a9aff36f6e8d2c78d1fc2c3fa742d174d56f56e282f04468c90538f54b840.exe
- Resource: win7-20220812-en

Behavioral task: behavioral2

- Sample: b91a9aff36f6e8d2c78d1fc2c3fa742d174d56f56e282f04468c90538f54b840.exe
- Resource: win10v2004-20221111-en
Malware Config

Targets

- Target: b91a9aff36f6e8d2c78d1fc2c3fa742d174d56f56e282f04468c90538f54b840
- Size: 880KB
Score: 10/10

- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext