General
-
Target
1093b29c0eea8bf48b196336fb8abfce147a46db1729b75288d222d37bf5dc43
-
Size
130KB
-
Sample
240430-xr48badh5w
-
MD5
430617c027a1399e8b2882de0f26abeb
-
SHA1
ad82555a7b2cd755007b145eb4e5e8d747eb65ac
-
SHA256
1093b29c0eea8bf48b196336fb8abfce147a46db1729b75288d222d37bf5dc43
-
SHA512
74a382f88c88935898005f7880666ce61aca25db18a6a9ae868ad8889cc9b58adde725c137e73f922e220c71fd593c0e223661c4c0b5e1ab9f7ac2432dc31789
-
SSDEEP
1536:mH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5UROXTmNJ:6KQJcinxphkG5Q6GdpIOkJHhKRyOXK
Behavioral task
behavioral1
Sample
1093b29c0eea8bf48b196336fb8abfce147a46db1729b75288d222d37bf5dc43.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1093b29c0eea8bf48b196336fb8abfce147a46db1729b75288d222d37bf5dc43.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
-
-
Target
1093b29c0eea8bf48b196336fb8abfce147a46db1729b75288d222d37bf5dc43
-
Size
130KB
-
MD5
430617c027a1399e8b2882de0f26abeb
-
SHA1
ad82555a7b2cd755007b145eb4e5e8d747eb65ac
-
SHA256
1093b29c0eea8bf48b196336fb8abfce147a46db1729b75288d222d37bf5dc43
-
SHA512
74a382f88c88935898005f7880666ce61aca25db18a6a9ae868ad8889cc9b58adde725c137e73f922e220c71fd593c0e223661c4c0b5e1ab9f7ac2432dc31789
-
SSDEEP
1536:mH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5UROXTmNJ:6KQJcinxphkG5Q6GdpIOkJHhKRyOXK
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Detects Windows executables referencing non-Windows User-Agents
-
ModiLoader Second Stage
-
UPX dump on OEP (original entry point)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-