General
-
Target
bdbe28c1801f2dab5a0f74b2a32d82a0N.exe
-
Size
90KB
-
Sample
240901-nqqh4azdpf
-
MD5
bdbe28c1801f2dab5a0f74b2a32d82a0
-
SHA1
985b6a713ad607136e13171d45b10c1ccc6c5a89
-
SHA256
2e89a98cdfef59ab80a9a83e9940e7b064769cee70f62f94674cce771a8ed2ed
-
SHA512
79ff9a316903cfb88c9ec3c9b900b7081d5e4035b3b5bfd6bd953451ba5e4d6392a700bdacc912def0a99f4f0ce3bb607a33ffbfa06a1b0b84fb39a18eff57dd
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDg:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Malware Config
Targets
-
-
Target
bdbe28c1801f2dab5a0f74b2a32d82a0N.exe
-
Size
90KB
-
MD5
bdbe28c1801f2dab5a0f74b2a32d82a0
-
SHA1
985b6a713ad607136e13171d45b10c1ccc6c5a89
-
SHA256
2e89a98cdfef59ab80a9a83e9940e7b064769cee70f62f94674cce771a8ed2ed
-
SHA512
79ff9a316903cfb88c9ec3c9b900b7081d5e4035b3b5bfd6bd953451ba5e4d6392a700bdacc912def0a99f4f0ce3bb607a33ffbfa06a1b0b84fb39a18eff57dd
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDg:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-