General
-
Target
04f86889014d775571d3a207ace63a9a2f4917208d1d034503ed941284927359
-
Size
90KB
-
Sample
240917-wwf6lsxcmb
-
MD5
2613631294ec57dd7499599d6ad71123
-
SHA1
71af8d989509315f552a9df345ab3ef6b4d2fbdd
-
SHA256
04f86889014d775571d3a207ace63a9a2f4917208d1d034503ed941284927359
-
SHA512
e19e8f58d3cc035a325a51de072142c929f9f30b1ad43719de3a00c7af8cc0beb3c29bc430ff0a7c86467c96033cab38336412caf4a2cd5b8c80fcbfb5254b65
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Malware Config
Targets
-
-
Target
04f86889014d775571d3a207ace63a9a2f4917208d1d034503ed941284927359
-
Size
90KB
-
MD5
2613631294ec57dd7499599d6ad71123
-
SHA1
71af8d989509315f552a9df345ab3ef6b4d2fbdd
-
SHA256
04f86889014d775571d3a207ace63a9a2f4917208d1d034503ed941284927359
-
SHA512
e19e8f58d3cc035a325a51de072142c929f9f30b1ad43719de3a00c7af8cc0beb3c29bc430ff0a7c86467c96033cab38336412caf4a2cd5b8c80fcbfb5254b65
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-