General
-
Target
19e78d4d902853cdd11a4d826f03dd6fcaaa856c080651df22fa26dd5f3f53a6
-
Size
130KB
-
Sample
240602-x5ppsadc34
-
MD5
6beabbaccc7b872fdb9f706c27f44a20
-
SHA1
f7fee0c8b9c72893ca11df3ec17f534dbd56b5ab
-
SHA256
19e78d4d902853cdd11a4d826f03dd6fcaaa856c080651df22fa26dd5f3f53a6
-
SHA512
4d915b29bfbf0a937ea5071ea770bf713cefde6de2094e83e54fa47ee8a9f8b280a4bfc1f3a978ac629533364bfdc1d9da8fb74e55388a1c9d83101caa049c79
-
SSDEEP
1536:eH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5UROXTmZ:SKQJcinxphkG5Q6GdpIOkJHhKRyOXK
Behavioral task
behavioral1
Sample
19e78d4d902853cdd11a4d826f03dd6fcaaa856c080651df22fa26dd5f3f53a6.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
19e78d4d902853cdd11a4d826f03dd6fcaaa856c080651df22fa26dd5f3f53a6.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
19e78d4d902853cdd11a4d826f03dd6fcaaa856c080651df22fa26dd5f3f53a6
-
Size
130KB
-
MD5
6beabbaccc7b872fdb9f706c27f44a20
-
SHA1
f7fee0c8b9c72893ca11df3ec17f534dbd56b5ab
-
SHA256
19e78d4d902853cdd11a4d826f03dd6fcaaa856c080651df22fa26dd5f3f53a6
-
SHA512
4d915b29bfbf0a937ea5071ea770bf713cefde6de2094e83e54fa47ee8a9f8b280a4bfc1f3a978ac629533364bfdc1d9da8fb74e55388a1c9d83101caa049c79
-
SSDEEP
1536:eH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5UROXTmZ:SKQJcinxphkG5Q6GdpIOkJHhKRyOXK
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Detects Windows executables referencing non-Windows User-Agents
-
ModiLoader Second Stage
-
UPX dump on OEP (original entry point)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-