General
-
Target
6af93ae99cc69a9c617224c704230f42ade010e43409f8f609774528df13b95a
-
Size
326KB
-
Sample
240511-278b5agd33
-
MD5
4d097d238a7302cf85ec13dc37368a94
-
SHA1
61a7dc09ff73dc7fabbfa16cdd7da0ab49d0c3fa
-
SHA256
6af93ae99cc69a9c617224c704230f42ade010e43409f8f609774528df13b95a
-
SHA512
59ffe94d939b84aa0e25dca3ce7e29def3a95661f51ab2f06e5173a7ae18c1e6b0056095a9c8724cb68835729a592fcc1632f240b0639793f90d6a22f229122e
-
SSDEEP
3072:Ie2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38XV:IsxD5cwohO+O1sVG0/pZ6iPC8
Behavioral task
behavioral1
Sample
6af93ae99cc69a9c617224c704230f42ade010e43409f8f609774528df13b95a.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
6af93ae99cc69a9c617224c704230f42ade010e43409f8f609774528df13b95a.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
6af93ae99cc69a9c617224c704230f42ade010e43409f8f609774528df13b95a
-
Size
326KB
-
MD5
4d097d238a7302cf85ec13dc37368a94
-
SHA1
61a7dc09ff73dc7fabbfa16cdd7da0ab49d0c3fa
-
SHA256
6af93ae99cc69a9c617224c704230f42ade010e43409f8f609774528df13b95a
-
SHA512
59ffe94d939b84aa0e25dca3ce7e29def3a95661f51ab2f06e5173a7ae18c1e6b0056095a9c8724cb68835729a592fcc1632f240b0639793f90d6a22f229122e
-
SSDEEP
3072:Ie2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38XV:IsxD5cwohO+O1sVG0/pZ6iPC8
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Detects Windows executables referencing non-Windows User-Agents
-
ModiLoader Second Stage
-
UPX dump on OEP (original entry point)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-