General
-
Target
e06f360ca8f64621bf34e248da434adc6b65391e196bc9cb0a62a00baa134846
-
Size
876KB
-
Sample
230428-mdklmsdc49
-
MD5
69fa88e706912bcfa3dc9cc07626c662
-
SHA1
3daaf1e070049dce9b621d48addcabe97150bdac
-
SHA256
e06f360ca8f64621bf34e248da434adc6b65391e196bc9cb0a62a00baa134846
-
SHA512
0e3c6ff3e5ab31a3c454b5df4c9e12aa2ae77e1e0c50bf7911a3c34b197ba3fd2b282ce9ee94e7228f8b772ae436c08266078d0720d948b6ac2f52d8d70918ef
-
SSDEEP
24576:NLX89GZ9NaJlSs0+w6nm2g5+zTwzwK30JV:NLs4mDSa6zPmV
Malware Config
Targets
-
-
Target
e06f360ca8f64621bf34e248da434adc6b65391e196bc9cb0a62a00baa134846
-
Size
876KB
-
MD5
69fa88e706912bcfa3dc9cc07626c662
-
SHA1
3daaf1e070049dce9b621d48addcabe97150bdac
-
SHA256
e06f360ca8f64621bf34e248da434adc6b65391e196bc9cb0a62a00baa134846
-
SHA512
0e3c6ff3e5ab31a3c454b5df4c9e12aa2ae77e1e0c50bf7911a3c34b197ba3fd2b282ce9ee94e7228f8b772ae436c08266078d0720d948b6ac2f52d8d70918ef
-
SSDEEP
24576:NLX89GZ9NaJlSs0+w6nm2g5+zTwzwK30JV:NLs4mDSa6zPmV
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-