General
Target: cfe49535d5614bead6b98f51a064bb90_NEAS
Size: 112KB
Sample: 240507-s8395ade6y
MD5: cfe49535d5614bead6b98f51a064bb90
SHA1: d8741fee49ed44ef8ea0a84bcde1ffbb6efe689a
SHA256: d1d7b0e5a318fa830b20ba086db896bdd95b390329ab1781b8663c499b397e9e
SHA512: 05fdfe07b6f492a9564ec6c3c48c9eb14e68d86b0bd3148791c0600070ed18a8f71e864f220c2e51adbe21096ff437729b6192c40a185e7adbc2cdcb090b34a4
SSDEEP: 1536:t2ovIa47CqIf2f3w41p7sDcX7juR/JSJw8EeNshUDGXJ:tVIr7zI+fAceoGxSKKo5

Static task: static1
Behavioral task: behavioral1 (sample cfe49535d5614bead6b98f51a064bb90_NEAS.exe, resource win7-20240221-en)
Behavioral task: behavioral2 (sample cfe49535d5614bead6b98f51a064bb90_NEAS.exe, resource win10v2004-20240419-en)
Score: 10/10

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
ModiLoader Second Stage
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Adds Run key to start application
Suspicious use of SetThreadContext