General
Target: 44f6679622481a7ab99d9fda9a41042ee4b1fb7b8f868dc3eff3f5c02b4235a1
Size: 326KB
Sample: 240620-1gjqeaxhqd
MD5: c6588d4ae439c37ff1fc9d701d077fc3
SHA1: 90bd7e211b9e7c7e65d650c531db6bc9d689d5d4
SHA256: 44f6679622481a7ab99d9fda9a41042ee4b1fb7b8f868dc3eff3f5c02b4235a1
SHA512: b09635c1910bc0e480e991ed6d7f7e4f62bac7cd78697a5bfe804b7fe5f51ae0151c17174b4e21db3c51caada9da4d7d48d8e6b3e99e0f372bba8d5c0238291d
SSDEEP: 3072:ce2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38XV:csxD5cwohO+O1sVG0/pZ6iPC8
Behavioral task: behavioral1
Sample: 44f6679622481a7ab99d9fda9a41042ee4b1fb7b8f868dc3eff3f5c02b4235a1.exe
Resource: win7-20240611-en

Behavioral task: behavioral2
Sample: 44f6679622481a7ab99d9fda9a41042ee4b1fb7b8f868dc3eff3f5c02b4235a1.exe
Resource: win10v2004-20240611-en
Malware Config

Targets
Target: 44f6679622481a7ab99d9fda9a41042ee4b1fb7b8f868dc3eff3f5c02b4235a1
Score: 10/10

Signatures:
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Detects Windows executables referencing non-Windows User-Agents
- ModiLoader Second Stage
- UPX dump on OEP (original entry point)
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext