General

Target: fa810ed434fa229c459b29633f0ff8ed1069d0e0bce9a0a0382ba59106f57258
Size: 288KB
Sample: 221206-gc5brshf34
MD5: 900e805a561bfabfdbafbc8b42656361
SHA1: b5e68a16931621d1fea563c6286a9dfe36ad073d
SHA256: fa810ed434fa229c459b29633f0ff8ed1069d0e0bce9a0a0382ba59106f57258
SHA512: 7a5e473374c5b2e6f37b19722ecd717dbc0c247d79ebc281016c86b2b45267671090483c521005578274c2218eab36eb8d8ba6627b4cca6ff1564d3c1f4a173c
SSDEEP: 6144:4Jzb9Ohw1t2OrHJ3BmK+8x5PYbbuRTT5v7HiaLDRyNUm:4XuwHrtFzfNPLENUm
Static task: static1

Behavioral task: behavioral1
  Sample: fa810ed434fa229c459b29633f0ff8ed1069d0e0bce9a0a0382ba59106f57258.exe
  Resource: win7-20221111-en

Behavioral task: behavioral2
  Sample: fa810ed434fa229c459b29633f0ff8ed1069d0e0bce9a0a0382ba59106f57258.exe
  Resource: win10v2004-20221111-en
Malware Config

Targets

Target: fa810ed434fa229c459b29633f0ff8ed1069d0e0bce9a0a0382ba59106f57258
Size: 288KB
MD5: 900e805a561bfabfdbafbc8b42656361
SHA1: b5e68a16931621d1fea563c6286a9dfe36ad073d
SHA256: fa810ed434fa229c459b29633f0ff8ed1069d0e0bce9a0a0382ba59106f57258
SHA512: 7a5e473374c5b2e6f37b19722ecd717dbc0c247d79ebc281016c86b2b45267671090483c521005578274c2218eab36eb8d8ba6627b4cca6ff1564d3c1f4a173c
SSDEEP: 6144:4Jzb9Ohw1t2OrHJ3BmK+8x5PYbbuRTT5v7HiaLDRyNUm:4XuwHrtFzfNPLENUm
Score: 10/10

Family: ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

Signatures
- ModiLoader Second Stage
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
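The signatures above are conclusions a sandbox draws from an API, file and registry trace. The Python below is an added example, not part of this report and not the sandbox's own signature code: it re-derives each listed behavioural signature from a constructed event trace so that the logic behind each line is explicit. The trace format, the event field names and the `evaluate` helper are assumptions; the registry paths for the Windows geolocation setting (`HKCU\Control Panel\International\Geo`) and the autostart `Run` keys are real.

```python
"""Added example (not from the report or the sandbox): re-derive the listed
behavioural signatures from a process/registry event trace.

The event dictionaries, their field names and SAMPLE_EVENTS are an invented
trace format constructed for illustration. The registry paths are real:
the geolocation setting lives under HKCU\\Control Panel\\International\\Geo
and autostart entries under ...\\CurrentVersion\\Run.
"""
from collections import defaultdict

# Values a geofence check reads: Nation holds the numeric GEOID,
# Name (Windows 10 and later) the ISO 3166 two-letter country code.
GEO_VALUES = (
    r"hkcu\control panel\international\geo\nation",
    r"hkcu\control panel\international\geo\name",
)
# Autostart keys; a value written directly under either is a Run entry.
RUN_KEYS = (
    r"hkcu\software\microsoft\windows\currentversion\run",
    r"hklm\software\microsoft\windows\currentversion\run",
)


def norm(path: str) -> str:
    """Canonicalise a registry or file path for comparison."""
    return (path.replace("HKEY_CURRENT_USER", "HKCU")
                .replace("HKEY_LOCAL_MACHINE", "HKLM")
                .lower())


def evaluate(events):
    """Return {signature name: [evidence, ...]} for every signature that fires."""
    hits = defaultdict(list)
    dropped = set()  # files the monitored processes wrote: "dropped" candidates
    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            dropped.add(norm(ev["path"]))
        elif kind == "registry_query" and norm(ev["path"]) in GEO_VALUES:
            hits["Checks computer location settings"].append(ev["path"])
        elif kind == "registry_set":
            key, _, value_name = norm(ev["path"]).rpartition("\\")
            if key in RUN_KEYS:
                hits["Adds Run key to start application"].append(
                    f'{value_name} = {ev["data"]}')
        elif kind == "process_create" and norm(ev["image"]) in dropped:
            hits["Executes dropped EXE"].append(ev["image"])
        elif kind == "load_library" and norm(ev["path"]) in dropped:
            hits["Loads dropped DLL"].append(ev["path"])
        elif (kind == "api_call" and ev["api"] == "SetThreadContext"
              and ev.get("target_pid") not in (None, ev["pid"])):
            # Rewriting a thread context in another process is the classic
            # hollowing/injection step; same-process use is ordinary.
            hits["Suspicious use of SetThreadContext"].append(
                f'pid {ev["pid"]} -> pid {ev["target_pid"]}')
    return dict(hits)


# Constructed trace (not captured from the real sample) exercising each check,
# plus two benign events that must not fire.
SAMPLE_EVENTS = [
    {"type": "registry_query", "pid": 1200,
     "path": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"},
    {"type": "file_write", "pid": 1200,
     "path": r"C:\Users\user\AppData\Roaming\svc.exe"},
    {"type": "file_write", "pid": 1200,
     "path": r"C:\Users\user\AppData\Roaming\helper.dll"},
    {"type": "registry_set", "pid": 1200,
     "path": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "data": r"C:\Users\user\AppData\Roaming\svc.exe"},
    {"type": "process_create", "pid": 1200, "child_pid": 1340,
     "image": r"C:\Users\user\AppData\Roaming\svc.exe"},
    {"type": "load_library", "pid": 1340,
     "path": r"C:\Users\user\AppData\Roaming\helper.dll"},
    {"type": "api_call", "pid": 1340, "api": "SetThreadContext", "target_pid": 1500},
    {"type": "registry_query", "pid": 1340,
     "path": r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce"},
    {"type": "api_call", "pid": 1340, "api": "SetThreadContext", "target_pid": 1340},
]

if __name__ == "__main__":
    for name, evidence in evaluate(SAMPLE_EVENTS).items():
        print(f"{name}: {evidence}")
```

The dropped-file checks depend on event order (a write must precede the execute or load), which is how a sandbox sees them; the geofence check only records that the value was read, since whether the sample then exits on a particular country is not something the trace alone shows.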