General
Target: eeae476fe174b9f3b86a615884e7c3316d93fa02dc23206938829150218135d5
Size: 836KB
Sample: 221203-2t6ldacg46
MD5: 40bb425dbec19f1ef5f7b61b35a82267
SHA1: 5e14bdba8cf01d123f2a711d3e8a595837eb69db
SHA256: eeae476fe174b9f3b86a615884e7c3316d93fa02dc23206938829150218135d5
SHA512: 9219892ca4298ad19ce285e73f3af6b756e429e98b315d0f51de093db821e041f46adc8adcbc65ecee326abddff7c7a2db8069780e0019f13a2c3bae7912ee34
SSDEEP: 12288:i/WNzAAmk+aiptW5v9edN1gFAbdYeqO+sMraahnk:i/WhLB+qI+vLraUn
Static task: static1
Behavioral task: behavioral1
Sample: eeae476fe174b9f3b86a615884e7c3316d93fa02dc23206938829150218135d5.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: eeae476fe174b9f3b86a615884e7c3316d93fa02dc23206938829150218135d5.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
Target: eeae476fe174b9f3b86a615884e7c3316d93fa02dc23206938829150218135d5
Size: 836KB
MD5: 40bb425dbec19f1ef5f7b61b35a82267
SHA1: 5e14bdba8cf01d123f2a711d3e8a595837eb69db
SHA256: eeae476fe174b9f3b86a615884e7c3316d93fa02dc23206938829150218135d5
SHA512: 9219892ca4298ad19ce285e73f3af6b756e429e98b315d0f51de093db821e041f46adc8adcbc65ecee326abddff7c7a2db8069780e0019f13a2c3bae7912ee34
SSDEEP: 12288:i/WNzAAmk+aiptW5v9edN1gFAbdYeqO+sMraahnk:i/WhLB+qI+vLraUn
Score: 10/10
Family: ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
Signatures:
- ModiLoader Second Stage
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandbox environments.
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory