General
-
Target
a5b7dc11fc31e89c8163493517dce21a47716247ab9a99ccbe7b05e3e0c4a273
-
Size
126KB
-
Sample
221205-l2whdada81
-
MD5
b5f1d0e08a91d987dea414fd5a8e001b
-
SHA1
fc051e729d9a99de070f265164bf3638acb7ac8c
-
SHA256
a5b7dc11fc31e89c8163493517dce21a47716247ab9a99ccbe7b05e3e0c4a273
-
SHA512
c27350ec7603bc0511189b37273d1ccba4f1433d4e7b6e33262632af480c98cc8984a7fbd072586feb61c3608d1d804fd3774beb610de9e87f67c0dc2d9268e4
-
SSDEEP
3072:A3JzTHTTmObj0TrnFt9c4wsdMhuEkGZ14kpaKrdaQHLA05:SJrTmk011wsqkGZ11oS5
Malware Config
Targets
-
-
Target
a5b7dc11fc31e89c8163493517dce21a47716247ab9a99ccbe7b05e3e0c4a273
-
Size
126KB
-
MD5
b5f1d0e08a91d987dea414fd5a8e001b
-
SHA1
fc051e729d9a99de070f265164bf3638acb7ac8c
-
SHA256
a5b7dc11fc31e89c8163493517dce21a47716247ab9a99ccbe7b05e3e0c4a273
-
SHA512
c27350ec7603bc0511189b37273d1ccba4f1433d4e7b6e33262632af480c98cc8984a7fbd072586feb61c3608d1d804fd3774beb610de9e87f67c0dc2d9268e4
-
SSDEEP
3072:A3JzTHTTmObj0TrnFt9c4wsdMhuEkGZ14kpaKrdaQHLA05:SJrTmk011wsqkGZ11oS5
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
UAC bypass
-
ModiLoader Second Stage
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-