General
-
Target
e27317f1abe0a73a1435992f60d5180788445f17961d596f71b7cf1d774c69e8
-
Size
1.2MB
-
Sample
221203-v9gtmabd56
-
MD5
4e41bc7a510c3bef5c1e445e072be5b7
-
SHA1
4839d91cdf8a02fff3a1530ed9309ed08f1546ec
-
SHA256
e27317f1abe0a73a1435992f60d5180788445f17961d596f71b7cf1d774c69e8
-
SHA512
1a78a4bb26cabc88361965df0b2fb683db4ebea5759fd4cd2a04e37885a8f0817055ed153add395d0a60bf12585599ccd37674fc4378883202b14b0500c1e216
-
SSDEEP
24576:WIXMo12mrF8GGNiLoRyiBNQl9vqiFZFp/Eu7GRERnCCifqCZAOl2QHa1+:TXtJZ8GQiLoRyiBKgoZFdniR/qCZFl2M
Malware Config
Targets
-
-
Target
e27317f1abe0a73a1435992f60d5180788445f17961d596f71b7cf1d774c69e8
-
Size
1.2MB
-
MD5
4e41bc7a510c3bef5c1e445e072be5b7
-
SHA1
4839d91cdf8a02fff3a1530ed9309ed08f1546ec
-
SHA256
e27317f1abe0a73a1435992f60d5180788445f17961d596f71b7cf1d774c69e8
-
SHA512
1a78a4bb26cabc88361965df0b2fb683db4ebea5759fd4cd2a04e37885a8f0817055ed153add395d0a60bf12585599ccd37674fc4378883202b14b0500c1e216
-
SSDEEP
24576:WIXMo12mrF8GGNiLoRyiBNQl9vqiFZFp/Eu7GRERnCCifqCZAOl2QHa1+:TXtJZ8GQiLoRyiBKgoZFdniR/qCZFl2M
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Sets DLL path for service in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Drops file in System32 directory
-