General
-
Target
dbc0512887b87e0333ac22302369c8854e7f55434674a512eeb7ef39a7931dd9N
-
Size
130KB
-
Sample
240918-qj2c5atekp
-
MD5
24b2664454e6d0087202c5a8695630c0
-
SHA1
83ab49318ca729218913515b6d7b0925fa16b046
-
SHA256
dbc0512887b87e0333ac22302369c8854e7f55434674a512eeb7ef39a7931dd9
-
SHA512
034a4ea6169e6cba42547314a21925aed3bb415d6cd5acddf4b3e96465a33dce80b46881f0d5d33d0fe75fb2ee6e0fe1d68a34f1b3efe615ab1bbaf3503cbcf7
-
SSDEEP
1536:mH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5UROXTmNJ:6KQJcinxphkG5Q6GdpIOkJHhKRyOXK
Malware Config
Targets
-
-
Target
dbc0512887b87e0333ac22302369c8854e7f55434674a512eeb7ef39a7931dd9N
-
Size
130KB
-
MD5
24b2664454e6d0087202c5a8695630c0
-
SHA1
83ab49318ca729218913515b6d7b0925fa16b046
-
SHA256
dbc0512887b87e0333ac22302369c8854e7f55434674a512eeb7ef39a7931dd9
-
SHA512
034a4ea6169e6cba42547314a21925aed3bb415d6cd5acddf4b3e96465a33dce80b46881f0d5d33d0fe75fb2ee6e0fe1d68a34f1b3efe615ab1bbaf3503cbcf7
-
SSDEEP
1536:mH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5UROXTmNJ:6KQJcinxphkG5Q6GdpIOkJHhKRyOXK
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-