General
-
Target
2ff74a834f9c8676d286b82906ab1220_NEAS
-
Size
130KB
-
Sample
240506-3dvdvagb3z
-
MD5
2ff74a834f9c8676d286b82906ab1220
-
SHA1
d129238dc1ca22edbcec4e988953e804a85b58cb
-
SHA256
7ee1daa144b52f42e36565ad54e25848377eef3ad92f985e6725f5646b5e71cd
-
SHA512
942e60c841020c1d7ef81f0e59c99b21730a9f1cabde4fce869bfb4693a06befe88e235939341ee719fd0d1f8548a93fc849eb43c42967ce3af639bd7451a431
-
SSDEEP
1536:eH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5UROXTmZG:SKQJcinxphkG5Q6GdpIOkJHhKRyOXKE
Behavioral task
behavioral1
Sample
2ff74a834f9c8676d286b82906ab1220_NEAS.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2ff74a834f9c8676d286b82906ab1220_NEAS.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
-
-
Target
2ff74a834f9c8676d286b82906ab1220_NEAS
-
Size
130KB
-
MD5
2ff74a834f9c8676d286b82906ab1220
-
SHA1
d129238dc1ca22edbcec4e988953e804a85b58cb
-
SHA256
7ee1daa144b52f42e36565ad54e25848377eef3ad92f985e6725f5646b5e71cd
-
SHA512
942e60c841020c1d7ef81f0e59c99b21730a9f1cabde4fce869bfb4693a06befe88e235939341ee719fd0d1f8548a93fc849eb43c42967ce3af639bd7451a431
-
SSDEEP
1536:eH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5UROXTmZG:SKQJcinxphkG5Q6GdpIOkJHhKRyOXKE
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-