General
- Target: 286b052e9066c0321d8bab07071486d96244476e922260460498daa30d86835b
- Size: 308KB
- Sample: 240429-yhdvfabb34
- MD5: 2521d6a6082ff0e32151a65c8e8e3c46
- SHA1: ed500d73c755432c74018d4a8b85244b78761209
- SHA256: 286b052e9066c0321d8bab07071486d96244476e922260460498daa30d86835b
- SHA512: 64f706d375d6f74f9b95c802bcdd9013f07903ffcd88d7af24a374bb29b779b57fa631341ac7e0dbbf54fdd7986abef28484a65785dca10744d80226b229b7e6
- SSDEEP: 3072:/c3sBG7mXh7m/zZM3jAbNOM6CNtDCZFL:E3sBz0Z4Mj72F
Static task
- static1
Behavioral task
- behavioral1
- Sample: 286b052e9066c0321d8bab07071486d96244476e922260460498daa30d86835b.exe
- Resource: win7-20240220-en
Behavioral task
- behavioral2
- Sample: 286b052e9066c0321d8bab07071486d96244476e922260460498daa30d86835b.exe
- Resource: win10v2004-20240419-en
Malware Config
Targets
- Target: 286b052e9066c0321d8bab07071486d96244476e922260460498daa30d86835b
- Size: 308KB
- MD5: 2521d6a6082ff0e32151a65c8e8e3c46
- SHA1: ed500d73c755432c74018d4a8b85244b78761209
- SHA256: 286b052e9066c0321d8bab07071486d96244476e922260460498daa30d86835b
- SHA512: 64f706d375d6f74f9b95c802bcdd9013f07903ffcd88d7af24a374bb29b779b57fa631341ac7e0dbbf54fdd7986abef28484a65785dca10744d80226b229b7e6
- SSDEEP: 3072:/c3sBG7mXh7m/zZM3jAbNOM6CNtDCZFL:E3sBz0Z4Mj72F
Score: 10/10
- ModiLoader, DBatLoader
ModiLoader (also tracked as DBatLoader) is a Delphi loader that misuses cloud services to download other malicious families.
- Detects Windows executables referencing non-Windows User-Agents
- ModiLoader Second Stage
- UPX dump on OEP (original entry point)
The sandbox dumped the UPX-unpacked image once execution reached the original entry point.
- Checks computer location settings
Looks up the country code configured in the registry, which is likely used as a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
Setting the thread context of another process is how a loader redirects a suspended child's thread into code it has written there; on its own the call is also used legitimately by debuggers, so it is worth correlating with the surrounding process creation and memory writes.
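The three behavioural signatures above that a defender can most directly reproduce from telemetry are the registry country-code lookup, the Run-key persistence and the SetThreadContext call. The Python below is an added example, not code from Tria.ge or from the sample, showing how to correlate them from an API-call trace. The trace lines, their field names (pid, api, key, value, data, flags, target) and the process IDs are constructed for this example; the registry paths are the real ones (the user's GeoID is stored under HKCU\Control Panel\International\Geo\Nation, and per-user autostart entries under HKCU\Software\Microsoft\Windows\CurrentVersion\Run). The hollowing rule fires only when SetThreadContext follows a CREATE_SUSPENDED child creation and a WriteProcessMemory into the same process, so a lone SetThreadContext on an ordinarily created child is not flagged.

```python
"""Correlate an API-call trace into the kind of findings a sandbox report lists.

Added example; not Tria.ge code and not taken from the ModiLoader sample.
The trace text and its field layout are constructed for this example.
"""
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # CreateProcess dwCreationFlags bit (Win32 constant)

# Real registry locations: the user GeoID value lives under ...\Geo\Nation,
# per-user autostart entries under ...\CurrentVersion\Run (and RunOnce).
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo$", re.IGNORECASE)
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$",
                        re.IGNORECASE)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # k=v or k="v with spaces"

# Constructed trace: pids, paths and sizes are made up for illustration.
# The last two lines are a control case that must NOT trigger the hollowing rule.
CONSTRUCTED_TRACE = r"""
pid=1180 api=RegOpenKeyExW key="HKEY_CURRENT_USER\Control Panel\International\Geo"
pid=1180 api=RegQueryValueExW key="HKEY_CURRENT_USER\Control Panel\International\Geo" value="Nation"
pid=1180 api=RegSetValueExW key="HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" value="Updater" data="C:\Users\Public\Libraries\updater.exe"
pid=1180 api=CreateProcessW image="C:\Windows\System32\svchost.exe" flags=0x4 target=2044
pid=1180 api=NtUnmapViewOfSection target=2044
pid=1180 api=WriteProcessMemory target=2044 size=0x4d000
pid=1180 api=SetThreadContext target=2044
pid=1180 api=NtResumeThread target=2044
pid=1180 api=CreateProcessW image="C:\Windows\System32\notepad.exe" flags=0x0 target=2100
pid=1180 api=SetThreadContext target=2100
"""


def parse_line(line: str) -> dict:
    """Turn one 'k=v k="quoted v"' line into a dict; empty dict for blank lines."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def analyse(trace: str) -> list:
    """Return (signature, pid, detail) tuples in the order they are triggered."""
    findings = []
    stages = defaultdict(set)  # (parent pid, target pid) -> hollowing stages seen
    for line in trace.splitlines():
        rec = parse_line(line)
        if not rec:
            continue
        api, pid = rec.get("api", ""), rec.get("pid", "?")
        key, target = rec.get("key", ""), rec.get("target")

        # Geofence check: reading the GeoID (country code) of the current user.
        if api == "RegQueryValueExW" and GEO_KEY_RE.search(key) \
                and rec.get("value", "").lower() == "nation":
            findings.append(("Checks computer location settings", pid, key + r"\Nation"))
        # Persistence: any value written under a Run / RunOnce key.
        elif api == "RegSetValueExW" and RUN_KEY_RE.search(key):
            findings.append(("Adds Run key to start application", pid,
                             f"{rec.get('value')} -> {rec.get('data')}"))
        # Hollowing sequence: suspended child -> memory written -> context set.
        elif api == "CreateProcessW" and target:
            if int(rec.get("flags", "0"), 16) & CREATE_SUSPENDED:
                stages[(pid, target)].add("suspended")
        elif api == "WriteProcessMemory" and target:
            stages[(pid, target)].add("written")
        elif api == "SetThreadContext" and target:
            seen = stages[(pid, target)]
            seen.add("context")
            if {"suspended", "written", "context"} <= seen:
                findings.append(("Suspicious use of SetThreadContext", pid,
                                 f"target pid {target} created suspended and written to"))
    return findings


if __name__ == "__main__":
    for sig, pid, detail in analyse(CONSTRUCTED_TRACE):
        print(f"[pid {pid}] {sig}: {detail}")
```

Run as a script it prints three findings for the constructed trace and nothing for the notepad.exe control case. To use it on real data, replace CONSTRUCTED_TRACE with the output of whichever API monitor you have and adjust FIELD_RE to its line format; the rules themselves only depend on the API names, the registry paths and the CREATE_SUSPENDED flag.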