General
-
Target
df90303b419a6e98df4cf992845f0380_NEAS
-
Size
90KB
-
Sample
240507-t7bddshd93
-
MD5
df90303b419a6e98df4cf992845f0380
-
SHA1
b93a69134b7243f89c274e538ea6e50cc625f4cc
-
SHA256
32ff70c4f0a9d2aab2447b0a5646efb6ef674a21e3c2f349c054d1aa3e8c7c82
-
SHA512
a7c0b997e31675538c9a8d70fbba8c36fda6b5b9daeb72b5b4d977f3cfbdd7cdb8bb2865e6c6abb5b3657e4acad13e40ab3872b2167c8f3e440e9dbfd90d820b
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Behavioral task
behavioral1
Sample
df90303b419a6e98df4cf992845f0380_NEAS.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
df90303b419a6e98df4cf992845f0380_NEAS.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
-
-
Target
df90303b419a6e98df4cf992845f0380_NEAS
-
Score
10/10
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-