General
Target: NEAS.6f331f4edfa3feb15f68bb9f9fb15ff9.exe
Size: 308KB
Sample: 231201-tfw6sadc4t
MD5: 6f331f4edfa3feb15f68bb9f9fb15ff9
SHA1: 31c86ab64f80518fff5b3a9d824c5e2220b2c466
SHA256: 60b0ef6574d0a7a30ee5b4fbbf7c1709994e9f3ae276359b8a335930df9dd29c
SHA512: 08e19565b38b034c0912d61264725e7fec2c4c25c0536c6a5408a8a23f27b5ae6f9a24fe091197e72da6d36797c006010d9977cb4a25ddf87bc17db5f53deaf9
SSDEEP: 3072:/c3sBG7mXh7m/zZM3jAbNOM6CNtDCZFL:E3sBz0Z4Mj72F
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.6f331f4edfa3feb15f68bb9f9fb15ff9.exe
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: NEAS.6f331f4edfa3feb15f68bb9f9fb15ff9.exe
Resource: win10v2004-20231127-en
Targets
Score: 10/10
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
ModiLoader Second Stage
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext