General
Target: Transferencia 27999901671.bat
Size: 3.1MB
Sample: 240326-rrqr2acb69
MD5: 2e016a2667734c3d435c4a9a36d729c9
SHA1: f3874d336db527df9fb5dbf497d1edd7a5ddc977
SHA256: 9c25c340901294d46d8361d4914e0bb3473e38fe4b9d742e737c519279bc4401
SHA512: c8feb5329740f5d71edb7d40b213a17d9095f098187d2ecd0c48504b9bed2b407e3dafb346c544f26129d3ea0f22e4816e7b0116384be0b511974fed57f41661
SSDEEP: 24576:2wyJPcV/Hrrz6jT6vaQrAAAy4QE1FpVJQQul6kE82zg38H6HKpLJrvvfzrEZnfQa:9yJPcVHQNQrAAHEPJQT7Z38dEDg3xfO
Static task: static1
Behavioral task: behavioral1
Sample: Transferencia 27999901671.bat
Resource: win7-20240221-es
Behavioral task: behavioral2
Sample: Transferencia 27999901671.bat
Resource: win10v2004-20240226-es
Malware Config
Targets
Target: Transferencia 27999901671.bat
Score: 10/10
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

ModiLoader Second Stage

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Suspicious use of SetThreadContext