General
-
Target
71523d4ed0a8d827f80c6d2e9ec825e0_NEAS
-
Size
326KB
-
Sample
240507-f2p3psbb3s
-
MD5
71523d4ed0a8d827f80c6d2e9ec825e0
-
SHA1
7b5d36ad61933ea1ecf0314879d54994c5075a41
-
SHA256
28f1e799b00bed99d9777b6d48e7f20c9d2dd9386869ecea13ab68633600abfa
-
SHA512
10f9834ecc6ae105ab5f9cc3a30960b7cabc6b68760c3ed3f1134df0329d4b7e4737b1400f56394ad162155055a08c07010a307e72d6a78e8fa3a6bf248b780b
-
SSDEEP
3072:Ie2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38XV:IsxD5cwohO+O1sVG0/pZ6iPC8
Behavioral task
behavioral1
Sample
71523d4ed0a8d827f80c6d2e9ec825e0_NEAS.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
71523d4ed0a8d827f80c6d2e9ec825e0_NEAS.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
71523d4ed0a8d827f80c6d2e9ec825e0_NEAS
-
Size
326KB
-
MD5
71523d4ed0a8d827f80c6d2e9ec825e0
-
SHA1
7b5d36ad61933ea1ecf0314879d54994c5075a41
-
SHA256
28f1e799b00bed99d9777b6d48e7f20c9d2dd9386869ecea13ab68633600abfa
-
SHA512
10f9834ecc6ae105ab5f9cc3a30960b7cabc6b68760c3ed3f1134df0329d4b7e4737b1400f56394ad162155055a08c07010a307e72d6a78e8fa3a6bf248b780b
-
SSDEEP
3072:Ie2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38XV:IsxD5cwohO+O1sVG0/pZ6iPC8
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-