General
-
Target
da459f1b1601fd73f9f1dcb0a51dfc8a702fd08dc87d3377f7961d6a8a5c8091
-
Size
118KB
-
Sample
221205-wrweqsga7s
-
MD5
0af805f2baf34e351e22baab84ecbe50
-
SHA1
d98e14ff4ea15ce259c20a6d07e69fc2d80f7eeb
-
SHA256
da459f1b1601fd73f9f1dcb0a51dfc8a702fd08dc87d3377f7961d6a8a5c8091
-
SHA512
bc3eec1bf23952aaf6862735d7496e70cf19800794a3bb35e72a7841c274bb15d710959032f6fa96811541055555a2f49160ff9e080f5fa72cf3a240aae0c1ce
-
SSDEEP
3072:RPObJs6wSMpQZzbxUW1w3VNFHbGBjJSj9Biw/:NOxwfONd51oNbsjJio
Malware Config
Targets
-
-
Target
da459f1b1601fd73f9f1dcb0a51dfc8a702fd08dc87d3377f7961d6a8a5c8091
-
Size
118KB
-
MD5
0af805f2baf34e351e22baab84ecbe50
-
SHA1
d98e14ff4ea15ce259c20a6d07e69fc2d80f7eeb
-
SHA256
da459f1b1601fd73f9f1dcb0a51dfc8a702fd08dc87d3377f7961d6a8a5c8091
-
SHA512
bc3eec1bf23952aaf6862735d7496e70cf19800794a3bb35e72a7841c274bb15d710959032f6fa96811541055555a2f49160ff9e080f5fa72cf3a240aae0c1ce
-
SSDEEP
3072:RPObJs6wSMpQZzbxUW1w3VNFHbGBjJSj9Biw/:NOxwfONd51oNbsjJio
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
UAC bypass
-
ModiLoader Second Stage
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-