General
-
Target
VirusShare_1ecb75f61811c8ba509fcecb959fc960
-
Size
290KB
-
Sample
240610-z63dda1erm
-
MD5
1ecb75f61811c8ba509fcecb959fc960
-
SHA1
ff350f0885fd1bf43b3649c5e10bd7c6b8c63c93
-
SHA256
f22e1cfd78acc5c944dbfa4b4333349c603536637b3f10ed8022719832abff1c
-
SHA512
2a808a060a288713cd0b95e4c490ea956caa1824a134ed26547af13fc77f2e95af8e6b2dff3e8d6bf1b79f2730dcee148003c69c100ff761cc4365476b1c6914
-
SSDEEP
6144:DVU3YK6TaVsZuR2gdELS8YazyamrwNXEjtEHgZVcoMiVejeuSN0teQBw2B:q3bVVDuLJBBWwN8W8KoISN0w0w2B
Malware Config
Targets
-
-
Target
VirusShare_1ecb75f61811c8ba509fcecb959fc960
-
Size
290KB
-
MD5
1ecb75f61811c8ba509fcecb959fc960
-
SHA1
ff350f0885fd1bf43b3649c5e10bd7c6b8c63c93
-
SHA256
f22e1cfd78acc5c944dbfa4b4333349c603536637b3f10ed8022719832abff1c
-
SHA512
2a808a060a288713cd0b95e4c490ea956caa1824a134ed26547af13fc77f2e95af8e6b2dff3e8d6bf1b79f2730dcee148003c69c100ff761cc4365476b1c6914
-
SSDEEP
6144:DVU3YK6TaVsZuR2gdELS8YazyamrwNXEjtEHgZVcoMiVejeuSN0teQBw2B:q3bVVDuLJBBWwN8W8KoISN0w0w2B
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-