General
Target: 27032024_0013_26032024_Transferencia 27999901671.rar
Size: 766KB
Sample: 240326-tn86bagh8w
MD5: c168aabb133670af8ca7fbde58fe81a4
SHA1: 031eacf6539f15dacbfd73cacd4f5af2dd2771a8
SHA256: 0a876cb36baec94584301a2f300a3dafe7e4794205ae451036e6629123c6ddc4
SHA512: 3f8f0ad391577dbdd99a06b9e1ba98f2692e2bae100e367939ff8ddf3039a73cad467e58b56ecb94ed4d9f7e216e671a9807565fe2e757e98ae117e139489442
SSDEEP: 12288:xXCOm16g4yDo5959E+Z5xqEC/bJlCl8+o0bj63CYkhzZcjWUKxUdRPsY:Nm16g4eo5LWi5xglgzvFYmzWK/U/PT
Static task: static1
Behavioral task: behavioral1
  Sample: Transferencia 27999901671.bat
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: Transferencia 27999901671.bat
  Resource: win10v2004-20231215-en
Malware Config
Targets
Target: Transferencia 27999901671.bat
Size: 3.1MB
MD5: 2e016a2667734c3d435c4a9a36d729c9
SHA1: f3874d336db527df9fb5dbf497d1edd7a5ddc977
SHA256: 9c25c340901294d46d8361d4914e0bb3473e38fe4b9d742e737c519279bc4401
SHA512: c8feb5329740f5d71edb7d40b213a17d9095f098187d2ecd0c48504b9bed2b407e3dafb346c544f26129d3ea0f22e4816e7b0116384be0b511974fed57f41661
SSDEEP: 24576:2wyJPcV/Hrrz6jT6vaQrAAAy4QE1FpVJQQul6kE82zg38H6HKpLJrvvfzrEZnfQa:9yJPcVHQNQrAAHEPJQT7Z38dEDg3xfO
Score: 10/10
ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
ModiLoader Second Stage
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext