General
-
Target
virussign.com_f3fb433643992f5349291c65fa8b9940.vir
-
Size
90KB
-
Sample
240528-whklwaea5w
-
MD5
f3fb433643992f5349291c65fa8b9940
-
SHA1
ab46544ab8eecd567fe882dc992abd0b681e52cd
-
SHA256
8f93a1789a69a36ef8c45597bd0b7d15d535474355dbbcebc29cdeccc22d18a9
-
SHA512
961bf453f529b8faa0cc5626eec2b293d618c69c703aa730789b5607f1f87d2e7516412ef2ae9a06d4b34adca7f8df69cfcf1eb26c32b282914b7f67b41a4453
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Behavioral task
behavioral1
Sample
virussign.com_f3fb433643992f5349291c65fa8b9940.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
virussign.com_f3fb433643992f5349291c65fa8b9940.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
virussign.com_f3fb433643992f5349291c65fa8b9940.vir
-
Size
90KB
-
MD5
f3fb433643992f5349291c65fa8b9940
-
SHA1
ab46544ab8eecd567fe882dc992abd0b681e52cd
-
SHA256
8f93a1789a69a36ef8c45597bd0b7d15d535474355dbbcebc29cdeccc22d18a9
-
SHA512
961bf453f529b8faa0cc5626eec2b293d618c69c703aa730789b5607f1f87d2e7516412ef2ae9a06d4b34adca7f8df69cfcf1eb26c32b282914b7f67b41a4453
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-