General
Target: 0c80d51e7d00e0374ec69926ea97d5de5a6ecc52aecd24bfd7a17a3150e74016
Size: 90KB
Sample: 240530-xa8t6sga5t
MD5: 24938e950ff7e68a19eddbe59131a7b5
SHA1: 8cb0edf3f4bba2a8eed5a131953eefb76a9a66da
SHA256: 0c80d51e7d00e0374ec69926ea97d5de5a6ecc52aecd24bfd7a17a3150e74016
SHA512: 1b44fd54afea4e6ce5e7203998ea425628feed22042428104c2226b2900316c7473be20b7688f76ed9974e49d35e98d881828081ec859cd4aa3299f5fa9a528f
SSDEEP: 1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Behavioral task: behavioral1
Sample: 0c80d51e7d00e0374ec69926ea97d5de5a6ecc52aecd24bfd7a17a3150e74016.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 0c80d51e7d00e0374ec69926ea97d5de5a6ecc52aecd24bfd7a17a3150e74016.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: 0c80d51e7d00e0374ec69926ea97d5de5a6ecc52aecd24bfd7a17a3150e74016
Score: 10/10
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Detects Windows executables referencing non-Windows User-Agents
- ModiLoader Second Stage
- UPX dump on OEP (original entry point)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext