General
Target: 01a34dc0bedf14ef9f2b54f9bc16e9d0N.exe
Size: 90KB
Sample: 240910-t8zsdavfmb
MD5: 01a34dc0bedf14ef9f2b54f9bc16e9d0
SHA1: 290f5cf9e2e09906201ff0af888aa3d54351ab71
SHA256: 2cadc88ff6b1e2e299b3c78f44d249d157ed556badb652efc72615d86677c877
SHA512: e92ef92141986fd53ed567bac9d503cbd3e36282779614262ef04551192f555bf9e6e0b50a36da1d4d88d267bc7d0b0d82a27e3c16d420561aa579e655359fe4
SSDEEP: 1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Behavioral task: behavioral1
Sample: 01a34dc0bedf14ef9f2b54f9bc16e9d0N.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: 01a34dc0bedf14ef9f2b54f9bc16e9d0N.exe
Resource: win10v2004-20240802-en
Malware Config
Targets: 01a34dc0bedf14ef9f2b54f9bc16e9d0N.exe (90KB; same file and hashes as listed under General)

Score: 10/10
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext