General
-
Target
3084ceb40003c7d809456ccf45bd9b70_NEAS
-
Size
130KB
-
Sample
240506-3ftv4abc52
-
MD5
3084ceb40003c7d809456ccf45bd9b70
-
SHA1
372cb956d27aba4ac27217b19b2182a5d0fe578e
-
SHA256
e8f44e37d91f1200798cbc0cbad523e4271860be90f184b008002472fb6f491f
-
SHA512
a7d3cffeaf94c9b542fb47ddc6c4f293a8bcc8aaccb2545b9bf34983ac782518c35b5e1683d5987e33f36d173351b3679c6d41838e88d3a5a9cbacb27ea26fe7
-
SSDEEP
1536:eH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5UROXTmZI:SKQJcinxphkG5Q6GdpIOkJHhKRyOXKi
Behavioral task
behavioral1
Sample
3084ceb40003c7d809456ccf45bd9b70_NEAS.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
3084ceb40003c7d809456ccf45bd9b70_NEAS.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
-
-
Target
3084ceb40003c7d809456ccf45bd9b70_NEAS
-
Size
130KB
-
MD5
3084ceb40003c7d809456ccf45bd9b70
-
SHA1
372cb956d27aba4ac27217b19b2182a5d0fe578e
-
SHA256
e8f44e37d91f1200798cbc0cbad523e4271860be90f184b008002472fb6f491f
-
SHA512
a7d3cffeaf94c9b542fb47ddc6c4f293a8bcc8aaccb2545b9bf34983ac782518c35b5e1683d5987e33f36d173351b3679c6d41838e88d3a5a9cbacb27ea26fe7
-
SSDEEP
1536:eH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5UROXTmZI:SKQJcinxphkG5Q6GdpIOkJHhKRyOXKi
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-