Extracted

• • Target

    9a66f675b5bb95acd4d7d87370e493db283f89fda927cab337a2d73453f44f5f

  • Size

    1.1MB

  • MD5

    e0ddbb692436904c906cb1efbaddff07

  • SHA1

    202674f003cc2a262a9f02521464084ce3a3177f

  • SHA256

    9a66f675b5bb95acd4d7d87370e493db283f89fda927cab337a2d73453f44f5f

  • SHA512

    fbdd7bd21acd2e7ca7a3bff24adcc48b578e77bc4c7cf10c3a575bf53d70ec2b57b4ba82a56177cf15ff1a938a25640addd11edd030cc7d4c25be16929b800a7

  • SSDEEP

    24576:fyP6j4ZCJ55Y3jVWdMB1hT96LQNWsJzvOUNMTJB0wA1TJez0:qkOzVNBDJ6LQVxoM1F

  Score

  10^/10

  modiloaderpersistencetrojan

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader

  • ModiLoader Second Stage

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2