General

Target: 73b259c72cb2531e001a0eaa1c9d87d1a2c0385fb6073eb9f9782273db0903e2
Size: 112KB
Sample: 240620-3kpf6swhnp
MD5: 78a5ea6b57d8b722d7c42b0c7ef3d1da
SHA1: 9edcb82d629f6e58331e06a504916f24a19bb13f
SHA256: 73b259c72cb2531e001a0eaa1c9d87d1a2c0385fb6073eb9f9782273db0903e2
SHA512: fde35984361d1e02a81da4c1a8cc19b8b15e745cbaab245ca576cd7fae8f192b4998a4a078b7482c067fd93fda129032bbb7a0624def57fa05e77198a3f119bc
SSDEEP: 1536:t2ovIa47CqIf2f3w41p7sDcX7juR/JSJw8EeNshUDGXJ:tVIr7zI+fAceoGxSKKo5
Static task: static1

Behavioral task: behavioral1
Sample: 73b259c72cb2531e001a0eaa1c9d87d1a2c0385fb6073eb9f9782273db0903e2.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 73b259c72cb2531e001a0eaa1c9d87d1a2c0385fb6073eb9f9782273db0903e2.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: 73b259c72cb2531e001a0eaa1c9d87d1a2c0385fb6073eb9f9782273db0903e2
Score: 10/10

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

- Detects Windows executables referencing non-Windows User-Agents
- ModiLoader Second Stage
- UPX dump on OEP (original entry point)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext