General
Target: 8fbec10b6d7e49afba583adccdc08ed0N.exe
Size: 90KB
Sample: 240907-pjzzmavamb
MD5: 8fbec10b6d7e49afba583adccdc08ed0
SHA1: 3fb5e3eddd72f5cd1676b004f7b1bcae1d263fb3
SHA256: 6e0c4bade9ccac1c5c10d2e3a50889e994b8db5526b96c2e5fbb9b23a118f43b
SHA512: db0c00bf6be81ee2623cd4c5ef051ed14c25132fb110a017b60a14acc3705de738c98f3abda53bb67e81bb9788df1a0bd7854e17736852526483cc07c5f560e8
SSDEEP: 1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Behavioral tasks
- behavioral1: sample 8fbec10b6d7e49afba583adccdc08ed0N.exe, resource win7-20240903-en
- behavioral2: sample 8fbec10b6d7e49afba583adccdc08ed0N.exe, resource win10v2004-20240802-en
Malware Config
Targets
Target: 8fbec10b6d7e49afba583adccdc08ed0N.exe (90KB; MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the values listed under General above)
Score: 10/10
- ModiLoader, DBatLoader: ModiLoader (also tracked as DBatLoader) is a loader written in Delphi that misuses legitimate cloud/file-hosting services to download and run other malware families.
- ModiLoader Second Stage
- Checks computer location settings: reads the country code configured in the registry, most likely as a geofence so that the payload only runs (or refuses to run) in selected locales. The report does not say which countries are selected.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application: persistence through a ...\CurrentVersion\Run registry value; the value name and the path it points to are not shown in this summary.
- Suspicious use of SetThreadContext: typically a sign of process hollowing or injection into a suspended process; the target process is not shown in this summary.
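The hashes above are the actionable indicators on this page. The following Python script is an added example (not from the sandbox page and not the sample's code) that hashes every file under a directory in one streaming pass and reports which of the report's digests it matches. The function names, the size pre-filter (derived from the 90KB size in the report) and the constructed demo directory are assumptions made for illustration; only the hash values are taken from the report.

```python
"""Hash-based hunt for the sample described in this report.

Added example, not part of the sandbox report. The hash values are copied
from the report; the function names, the size pre-filter and the demo
directory created in demo() are assumptions made for illustration.
"""
import hashlib
import os
import tempfile

# Indicators copied from the report (lower-case hex, as hashlib produces).
IOC_HASHES = {
    "md5": "8fbec10b6d7e49afba583adccdc08ed0",
    "sha1": "3fb5e3eddd72f5cd1676b004f7b1bcae1d263fb3",
    "sha256": "6e0c4bade9ccac1c5c10d2e3a50889e994b8db5526b96c2e5fbb9b23a118f43b",
    "sha512": "db0c00bf6be81ee2623cd4c5ef051ed14c25132fb110a017b60a14acc3705de7"
              "38c98f3abda53bb67e81bb9788df1a0bd7854e17736852526483cc07c5f560e8",
}

# The report lists the sample as 90KB; anything much larger cannot be this
# file, so skip it before paying for four digests (assumed threshold).
IOC_SIZE_BYTES_MAX = 100 * 1024


def hash_file(path, chunk_size=1 << 16):
    """Compute MD5/SHA1/SHA256/SHA512 in a single streaming pass."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_hashes(digests):
    """Return the set of algorithms whose digest equals the report's IOC."""
    return {
        name for name, value in digests.items()
        if name in IOC_HASHES and value.lower() == IOC_HASHES[name]
    }


def ioc_match(path):
    """Hash one file and return which IOC digests it matches (empty = no hit)."""
    if os.path.getsize(path) > IOC_SIZE_BYTES_MAX:
        return set()
    return match_hashes(hash_file(path))


def scan_tree(root):
    """Walk a directory tree and yield (path, matched_algorithms) per hit."""
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                matched = ioc_match(path)
            except OSError:
                continue  # unreadable or vanished file; keep scanning
            if matched:
                yield path, matched


def demo():
    """Constructed demo input: a temp directory holding an empty file and a
    harmless text file. Returns (digests of the empty file, list of hits)."""
    with tempfile.TemporaryDirectory() as tmp:
        empty = os.path.join(tmp, "empty.bin")
        open(empty, "wb").close()
        with open(os.path.join(tmp, "benign.txt"), "w") as fh:
            fh.write("not the sample\n")
        return hash_file(empty), list(scan_tree(tmp))


if __name__ == "__main__":
    digests, hits = demo()
    print("empty-file sha256:", digests["sha256"])
    print("hits:", hits)
```

On a real host, call `scan_tree(r"C:\Users")` or the directory the loader was seen dropping files into; a hit on any one algorithm is a confirmed match, since all four digests come from the same sample. Matching by hash only finds this exact file, so a repacked ModiLoader build will not match; pair it with the behavioural indicators above (Run key persistence, SetThreadContext) for coverage of variants.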