General
- Target: e3dd35ce92fcfee7c0911b3fb907695197c656a23df8a18e9763f96e22cb28ff
- Size: 1.3MB
- Sample: 221201-pla4aabc3x
- MD5: dbca52728748780dda52f4fbbad8ce47
- SHA1: 7cc962033c88c8c838ab6605d581d3f24261958d
- SHA256: e3dd35ce92fcfee7c0911b3fb907695197c656a23df8a18e9763f96e22cb28ff
- SHA512: e77ed5be2cb2fbb3a0646998120f8e94784ee2eb30a81cf5f4615a94e88439ad7dc285bc27fa1d2d64e6e3a6114e9a0f581c36fa366b06dffbe525b0cac3e84c
- SSDEEP: 24576:hmQrHSjUCCcBaBXW92E6MU2scBobaPvuSwxLUWoXRfkFnld727r/Kq:hmXgB3MOBbaPvuNYWIhr/Kq
Static task: static1
Behavioral task: behavioral1
- Sample: e3dd35ce92fcfee7c0911b3fb907695197c656a23df8a18e9763f96e22cb28ff.exe
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: e3dd35ce92fcfee7c0911b3fb907695197c656a23df8a18e9763f96e22cb28ff.exe
- Resource: win10v2004-20221111-en
Malware Config
Targets
- Target: e3dd35ce92fcfee7c0911b3fb907695197c656a23df8a18e9763f96e22cb28ff
Score: 10/10
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext