General
- Target: 69d76ed8dd54bba3459f579a27ad69bbdf6add31ce4a2c69a5647e2d662cdbe3N
- Size: 90KB
- Sample: 240919-l1qwhatbnm
- MD5: 7ca3fce5e9424323929565d59c6852b0
- SHA1: c00b7b60b4e2860dead74bbd90663f7d4b255177
- SHA256: 69d76ed8dd54bba3459f579a27ad69bbdf6add31ce4a2c69a5647e2d662cdbe3
- SHA512: 31f3e36509d8dd680d402952125e0b31b97814c4a4ba05042ae37da8a829ffa8284ca957726a83f6f81debffc83f34cdf011883dfe24e34005d2a3308fedf289
- SSDEEP: 1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Behavioral task: behavioral1
- Sample: 69d76ed8dd54bba3459f579a27ad69bbdf6add31ce4a2c69a5647e2d662cdbe3N.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 69d76ed8dd54bba3459f579a27ad69bbdf6add31ce4a2c69a5647e2d662cdbe3N.exe
- Resource: win10v2004-20240802-en
Malware Config
Targets
- Target: 69d76ed8dd54bba3459f579a27ad69bbdf6add31ce4a2c69a5647e2d662cdbe3N
- Score: 10/10
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext