General
Target: abcd.zip
Size: 982KB
Sample: 240326-s1jkradc27
MD5: 5641aea80e5beaf0d2b9c4a4fce43f5b
SHA1: 8c7e0ffac99cf73c2810b72bcbe0fd1f864501f0
SHA256: ded35f4e679a69d7704bfc9e425417a171e18804ded62044571fd7a0631f6e82
SHA512: 7fa9cae5cf5ff70ecde527f90929e8f4f1011e178e7c400ceb8a72adfd0ecff625276e9b39794c4bf4ae8a42682692b7c8d5e4016282050c41e9a87734bf8f39
SSDEEP: 24576:G8ifBs66wlrLWMZ7b/KtAEfhk+Sp0rqC7vRsyJjddz:cZxlrLWMlG7fhkeqLyx/
Static task: static1
Behavioral task: behavioral1 (sample abcd.bat, resource win7-20240221-en)
Behavioral task: behavioral2 (sample abcd.bat, resource win10v2004-20231215-en)
Malware Config
Targets
Target: abcd.bat
Size: 3.3MB
MD5: aa569c8d3f8bab9502a97a610d27729d
SHA1: 3727b1473dbca06ef346582d891c45b50e0fda67
SHA256: 88cf408569b4b2414b59abca6a662b338e7fdb0d702949643b2080bf60224998
SHA512: 5507a218283a81be1e963f5c8da196e6adaff1ee6e146a488200469428258ffd07e4e185584a35f65e17ce8208f3de5a643398d25802b0a7edfc8a6586aea3b
SSDEEP: 49152:5KH9bAn8qkdEk/n3yLpKRYhEMfOGlhjFk99/:0
Score: 10/10
Signatures
ModiLoader, DBatLoader
  ModiLoader (also tracked as DBatLoader) is a Delphi loader that misuses cloud services to download other malicious families.
ModiLoader Second Stage
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext
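The signatures above are behavioural rules evaluated over the sandbox's API trace. The script below is an added illustration of that rule logic, not tria.ge's signature code and not anything recovered from abcd.bat: it runs over a constructed trace in a simplified sandbox shape (pid, API name, arguments) and reports which of the listed behaviours fire. Assumptions are labelled in the code: the trace format and every path, PID and value in it are invented, and the "computer location" lookup is taken to be the GeoID value under HKCU\Control Panel\International\Geo\Nation. The SetThreadContext rule deliberately fires only on the hollowing pattern (suspended child, remote write, then context swap by the same parent), so a context change on the caller's own thread or on an unrelated process is not flagged.

```python
"""Rule logic for the behaviours listed in the report, run over a constructed
API trace. Added illustration; not tria.ge's signature code or the sample."""
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # CreateProcess dwCreationFlags bit

# Run / RunOnce autostart keys (HKCU or HKLM).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)

# Assumption: the "computer location" lookup is the GeoID value
# HKCU\Control Panel\International\Geo\Nation.
GEO_NATION = (r"hkcu\control panel\international\geo", "nation")

# Constructed trace in a simplified sandbox shape (pid, API name, arguments).
# Every path, PID and value here is invented for the example.
SAMPLE_TRACE = [
    {"pid": 1000, "api": "RegQueryValueExW",
     "args": {"key": r"HKCU\Control Panel\International\Geo", "value": "Nation"}},
    {"pid": 1000, "api": "NtWriteFile",
     "args": {"path": r"C:\Users\Public\Libraries\dropped.exe"}},
    {"pid": 1000, "api": "NtWriteFile",
     "args": {"path": r"C:\Users\Public\Libraries\helper.dll"}},
    {"pid": 1000, "api": "RegSetValueExW",
     "args": {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
              "value": "dropped", "data": r"C:\Users\Public\Libraries\dropped.exe"}},
    # SetThreadContext on the caller's own thread: not flagged.
    {"pid": 1000, "api": "SetThreadContext", "args": {"target_pid": 1000}},
    {"pid": 1000, "api": "CreateProcessW",
     "args": {"path": r"C:\Users\Public\Libraries\dropped.exe", "flags": 0, "child_pid": 2000}},
    {"pid": 2000, "api": "LoadLibraryW",
     "args": {"path": r"C:\Users\Public\Libraries\helper.dll"}},
    # Hollowing pattern: suspended child, remote write, context swap, resume.
    {"pid": 2000, "api": "CreateProcessW",
     "args": {"path": r"C:\Windows\System32\svchost.exe", "flags": CREATE_SUSPENDED, "child_pid": 3000}},
    {"pid": 2000, "api": "WriteProcessMemory", "args": {"target_pid": 3000}},
    {"pid": 2000, "api": "SetThreadContext", "args": {"target_pid": 3000}},
    {"pid": 2000, "api": "ResumeThread", "args": {"target_pid": 3000}},
]


def detect(trace):
    """Return {signature name: [evidence strings]} for the behaviours seen."""
    hits = defaultdict(list)
    dropped = set()   # lower-cased paths the traced processes wrote
    suspended = {}    # child pid -> creator pid, for CREATE_SUSPENDED children
    written = set()   # (writer pid, target pid) pairs from WriteProcessMemory
    for ev in trace:
        pid, api, a = ev["pid"], ev["api"], ev["args"]
        if api == "RegQueryValueExW" and (a["key"].lower(), a["value"].lower()) == GEO_NATION:
            hits["Checks computer location settings"].append(a["key"] + "\\" + a["value"])
        elif api == "NtWriteFile":
            dropped.add(a["path"].lower())
        elif api == "RegSetValueExW" and RUN_KEY_RE.search(a["key"]):
            hits["Adds Run key to start application"].append(
                "%s\\%s = %s" % (a["key"], a["value"], a["data"]))
        elif api == "CreateProcessW":
            if a["path"].lower() in dropped:
                hits["Executes dropped EXE"].append(a["path"])
            if a["flags"] & CREATE_SUSPENDED:
                suspended[a["child_pid"]] = pid
        elif api == "LoadLibraryW" and a["path"].lower() in dropped:
            hits["Loads dropped DLL"].append(a["path"])
        elif api == "WriteProcessMemory":
            written.add((pid, a["target_pid"]))
        elif api == "SetThreadContext":
            target = a["target_pid"]
            # Only a context swap on a suspended child that the same process has
            # already written into is treated as the hollowing pattern.
            if target != pid and suspended.get(target) == pid and (pid, target) in written:
                hits["Suspicious use of SetThreadContext"].append(
                    "pid %d set context of suspended child %d after WriteProcessMemory" % (pid, target))
    return dict(hits)


def triggered(trace):
    """Sorted signature names, convenient for comparing against a report."""
    return sorted(detect(trace))


if __name__ == "__main__":
    for name, evidence in detect(SAMPLE_TRACE).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

The "dropped" rules key on paths the traced process itself wrote, which is what separates "Executes dropped EXE" from an ordinary child-process launch; a real sandbox would additionally track renames and copies, which this constructed trace omits. The ModiLoader family match itself is a static/config match and is not something this behavioural rule set can reproduce.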