General
Target: 4a6230fa6ffb78dad55e6d39bc824f56f2565a700d5ae94b68eb1e86027b4f2b
Size: 90KB
Sample: 240501-z5rkgsag92
MD5: 05f2ce9f62140f5f2af4b6bfb46c47ff
SHA1: 4b8e3ef01ca731a26b428bb3bff39c77b5538cb5
SHA256: 4a6230fa6ffb78dad55e6d39bc824f56f2565a700d5ae94b68eb1e86027b4f2b
SHA512: d033bc83e045cd82f89b5466137538c1e53901c338aaedfe6a0a1b503fe8c1325c68512c76c9e291f0bb78055489382be91276fd940296152f9cd0f8f92e2561
SSDEEP: 1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Behavioral task behavioral1
Sample: 4a6230fa6ffb78dad55e6d39bc824f56f2565a700d5ae94b68eb1e86027b4f2b.exe
Resource: win7-20231129-en
Behavioral task behavioral2
Sample: 4a6230fa6ffb78dad55e6d39bc824f56f2565a700d5ae94b68eb1e86027b4f2b.exe
Resource: win10v2004-20240419-en
Malware Config
Targets
Score: 10/10
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Detects Windows executables referencing non-Windows User-Agents
- ModiLoader Second Stage
- UPX dump on OEP (original entry point)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext