General
-
Target
c7f51c196be27cd30236610f5e2136533dbe7d315b9d1b63367e5b007d80cdc2
-
Size
320KB
-
Sample
221205-wrx9bsch58
-
MD5
1e578331b11a7c1187c32a61e074b440
-
SHA1
c87728e54ac1ec0b19a751b4feb52bae9e388812
-
SHA256
c7f51c196be27cd30236610f5e2136533dbe7d315b9d1b63367e5b007d80cdc2
-
SHA512
06a7791bbbf2503c996b96e6c8b208d3a9e6ffef8ffd7b4a8afbbe0a434bfee6ee75baada59bc1b9b8ba16c32fd4ec34092777f424bc85196df5cc1eff053ff9
-
SSDEEP
6144:kG377xS2Vp2CeiorXhwTBF53FpcCJJvHUEgoS8:fr7xS2Vp6FwT3bJJvHooS8
Malware Config
Targets
-
-
Target
c7f51c196be27cd30236610f5e2136533dbe7d315b9d1b63367e5b007d80cdc2
-
Size
320KB
-
MD5
1e578331b11a7c1187c32a61e074b440
-
SHA1
c87728e54ac1ec0b19a751b4feb52bae9e388812
-
SHA256
c7f51c196be27cd30236610f5e2136533dbe7d315b9d1b63367e5b007d80cdc2
-
SHA512
06a7791bbbf2503c996b96e6c8b208d3a9e6ffef8ffd7b4a8afbbe0a434bfee6ee75baada59bc1b9b8ba16c32fd4ec34092777f424bc85196df5cc1eff053ff9
-
SSDEEP
6144:kG377xS2Vp2CeiorXhwTBF53FpcCJJvHUEgoS8:fr7xS2Vp6FwT3bJJvHooS8
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
UAC bypass
-
ModiLoader Second Stage
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-