General
- Target: 98619775d344c488847a5355433bb4d4206e8fe054b09302ca5e7eaf86cd2381
- Size: 159KB
- Sample: 221204-1hhjqsce9w
- MD5: cd602e1d9ed9af0f1d5c60b8e6598bfe
- SHA1: b2f7534835fb48b5feb390c1ec5b2e9acf8fe578
- SHA256: 98619775d344c488847a5355433bb4d4206e8fe054b09302ca5e7eaf86cd2381
- SHA512: 6aa30d18cb7ffdf8f919b722d9e151b93f7b6f4d1d9a7003669b9aaca67c8539110249930d30d6319340959b3d812165992741187b66a24393c7784c077ace89
- SSDEEP: 3072:dRGEbqzPvmGEbqzHxsbE7IjXDNAiBs1SsVF9ylfPOlOqivfkr:XGkqzWGkqzHxsbEAXZTqVaOUqn
Static task: static1
Behavioral task: behavioral1
- Sample: 98619775d344c488847a5355433bb4d4206e8fe054b09302ca5e7eaf86cd2381.exe
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: 98619775d344c488847a5355433bb4d4206e8fe054b09302ca5e7eaf86cd2381.exe
- Resource: win10v2004-20221111-en
Malware Config
Targets
- Target: 98619775d344c488847a5355433bb4d4206e8fe054b09302ca5e7eaf86cd2381
- Size: 159KB
- MD5: cd602e1d9ed9af0f1d5c60b8e6598bfe
- SHA1: b2f7534835fb48b5feb390c1ec5b2e9acf8fe578
- SHA256: 98619775d344c488847a5355433bb4d4206e8fe054b09302ca5e7eaf86cd2381
- SHA512: 6aa30d18cb7ffdf8f919b722d9e151b93f7b6f4d1d9a7003669b9aaca67c8539110249930d30d6319340959b3d812165992741187b66a24393c7784c077ace89
- SSDEEP: 3072:dRGEbqzPvmGEbqzHxsbE7IjXDNAiBs1SsVF9ylfPOlOqivfkr:XGkqzWGkqzHxsbEAXZTqVaOUqn
- Score: 10/10
ModiLoader, DBatLoader
ModiLoader is a Delphi-based loader that misuses cloud services to download and run other malware families.
- ModiLoader Second Stage
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, most likely as a geofence check.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (tactic columns): Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation