General
- Target: 98490eb89fcb0adf976403729c814b5d1069e793021e0a15f6cf7cf81b4478a9
- Size: 90KB
- Sample: 240517-b69kpabf3z
- MD5: a9fae156a6d3d0785de50cd85f06f77b
- SHA1: 537cac87578739fa576d31b486c1968c7c45e32a
- SHA256: 98490eb89fcb0adf976403729c814b5d1069e793021e0a15f6cf7cf81b4478a9
- SHA512: b26484133c5ebf7dec2e6546d22dcc2bc5cda52dc2d1ba5afc503ffa43497675eaaa3eb5362d338128a784ad536f23b34130525185b5fb6d259cb25b72108521
- SSDEEP: 1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Behavioral task: behavioral1
- Sample: 98490eb89fcb0adf976403729c814b5d1069e793021e0a15f6cf7cf81b4478a9.exe
- Resource: win7-20240508-en

Behavioral task: behavioral2
- Sample: 98490eb89fcb0adf976403729c814b5d1069e793021e0a15f6cf7cf81b4478a9.exe
- Resource: win10v2004-20240508-en
Malware Config

Targets
- Target: 98490eb89fcb0adf976403729c814b5d1069e793021e0a15f6cf7cf81b4478a9
- Size: 90KB
- MD5: a9fae156a6d3d0785de50cd85f06f77b
- SHA1: 537cac87578739fa576d31b486c1968c7c45e32a
- SHA256: 98490eb89fcb0adf976403729c814b5d1069e793021e0a15f6cf7cf81b4478a9
- SHA512: b26484133c5ebf7dec2e6546d22dcc2bc5cda52dc2d1ba5afc503ffa43497675eaaa3eb5362d338128a784ad536f23b34130525185b5fb6d259cb25b72108521
- SSDEEP: 1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Score: 10/10

- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Detects Windows executables referencing non-Windows User-Agents
- ModiLoader Second Stage
- UPX dump on OEP (original entry point)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext