General

- Target: b2305ea713e7ec74619f115219c63b3073036a632583819bbd476a3095e6e54a
- Size: 223KB
- Sample: 221205-17kqdsfd4x
- MD5: 8abd4076d573ecc0efdab4167a6535e5
- SHA1: 312010173599953e3bd69e03a39f9560058890ed
- SHA256: b2305ea713e7ec74619f115219c63b3073036a632583819bbd476a3095e6e54a
- SHA512: f413457705678b9e60f7e31c86e15cc74205d6c4a6fc6ca156278a1faaa0cf7139b9ebf747c2c854372876436fc2abec45d6c8cecb479d49d1a081c6eafa1944
- SSDEEP: 6144:Wb99ZwNPbgI/ZyOgA0ltwAytDvhbME4H6YJS3pzPa:CfZw/V+ZMvhIE4H6ppO
Static task: static1

Behavioral task: behavioral1
- Sample: b2305ea713e7ec74619f115219c63b3073036a632583819bbd476a3095e6e54a.exe
- Resource: win7-20221111-en

Behavioral task: behavioral2
- Sample: b2305ea713e7ec74619f115219c63b3073036a632583819bbd476a3095e6e54a.exe
- Resource: win10v2004-20221111-en
Malware Config

Targets

- Target: b2305ea713e7ec74619f115219c63b3073036a632583819bbd476a3095e6e54a
- Size: 223KB
- MD5: 8abd4076d573ecc0efdab4167a6535e5
- SHA1: 312010173599953e3bd69e03a39f9560058890ed
- SHA256: b2305ea713e7ec74619f115219c63b3073036a632583819bbd476a3095e6e54a
- SHA512: f413457705678b9e60f7e31c86e15cc74205d6c4a6fc6ca156278a1faaa0cf7139b9ebf747c2c854372876436fc2abec45d6c8cecb479d49d1a081c6eafa1944
- SSDEEP: 6144:Wb99ZwNPbgI/ZyOgA0ltwAytDvhbME4H6YJS3pzPa:CfZw/V+ZMvhIE4H6ppO
- Score: 10/10

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

- ModiLoader Second Stage
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext