General

Target: e6fc13765f7c596e9522cf88ba0fbd2605fd07ecc72c03cd0c67ade92e76d4bd
Size: 54KB
Sample: 221203-nx5atsbf3t
MD5: 9e0cb74cc8287fec3ef9ec4ddbd0f31c
SHA1: 3f8f6cd4841bf2109bac9b0c3a0eeb84d08e613b
SHA256: e6fc13765f7c596e9522cf88ba0fbd2605fd07ecc72c03cd0c67ade92e76d4bd
SHA512: c7f3b7a6af4d5e7e603c3ffeee4461839c64ecffcba3fb3923cbf034c8f650a79547ff167aef7cb933cd81b814d6fbf9e972e725ff04cb040be00dd81b062983
SSDEEP: 768:jZdny1ts1joc8rtv0CHJ2abKi/tnlS2CTaeldCjXiXxaUDpzJJ2HNpF/U:jZoioc8t1J2qtnlSbT/30ihaOzJAtc
Static task: static1

Behavioral task: behavioral1
Sample: e6fc13765f7c596e9522cf88ba0fbd2605fd07ecc72c03cd0c67ade92e76d4bd.exe
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: e6fc13765f7c596e9522cf88ba0fbd2605fd07ecc72c03cd0c67ade92e76d4bd.exe
Resource: win10v2004-20221111-en
Malware Config
Targets

Target: e6fc13765f7c596e9522cf88ba0fbd2605fd07ecc72c03cd0c67ade92e76d4bd
Score: 10/10
Family: ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
Signatures:
- ModiLoader Second Stage
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext