General
-
Target
d58835f358aecf0391274a74967e2d3cdd8168b3b2ed73e6b3351f2a25f6e440N
-
Size
326KB
-
Sample
240917-s73l7s1clc
-
MD5
f8048686b6a00def26c347183e702f10
-
SHA1
e23f25c67d0f112c9b2613a77b40586bd43c41d9
-
SHA256
d58835f358aecf0391274a74967e2d3cdd8168b3b2ed73e6b3351f2a25f6e440
-
SHA512
3066a7169945e3820ac350f934d4fb6c0d10fe8e45476a546bbfc9eede556538ec026767eeb3bbf3372a868e41c7ad98768f31de456340735c01ab1437dab1fb
-
SSDEEP
3072:ce2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38XV:csxD5cwohO+O1sVG0/pZ6iPC8
Malware Config
Targets
-
-
Target
d58835f358aecf0391274a74967e2d3cdd8168b3b2ed73e6b3351f2a25f6e440N
-
Size
326KB
-
MD5
f8048686b6a00def26c347183e702f10
-
SHA1
e23f25c67d0f112c9b2613a77b40586bd43c41d9
-
SHA256
d58835f358aecf0391274a74967e2d3cdd8168b3b2ed73e6b3351f2a25f6e440
-
SHA512
3066a7169945e3820ac350f934d4fb6c0d10fe8e45476a546bbfc9eede556538ec026767eeb3bbf3372a868e41c7ad98768f31de456340735c01ab1437dab1fb
-
SSDEEP
3072:ce2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38XV:csxD5cwohO+O1sVG0/pZ6iPC8
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-