General
-
Target
9ab03a0ccc538f631b3a2a48635996be8f5e58bc1b0762516876c424951d2c28N
-
Size
90KB
-
Sample
240919-m46a2avhrq
-
MD5
0d598f0ada1c5c61d3da4ebe69483520
-
SHA1
a8e00285f1bb464e5bad0f1289f708d366864c40
-
SHA256
9ab03a0ccc538f631b3a2a48635996be8f5e58bc1b0762516876c424951d2c28
-
SHA512
44723e8ca7fd9f09c241aeb2215efad5fb4a0ef2759adca06375cba89161479c8ee8806d5957d95d8f45b9c8cb6094db4ef9e66ada06980a6eae8ec7ae0c13d4
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
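The block above is the report's flattened key/value layout: a key line, its value on the next line, and `-` as the item separator. The same layout continues into the score and signature list further down the page. As an added example, not the sandbox vendor's code, the parser below turns a report in this layout into a validated IOC record: it checks that each digest has the right hex length, that the target name embeds the SHA256, and that the SSDEEP value has the blocksize:hash:hash shape, and it keeps the family line and per-signature descriptions attached. REPORT_TEXT is a constructed excerpt reproducing this page's values; nothing about the sandbox's own export format is assumed.

```python
# Added example, not the sandbox vendor's code: parse the flattened key/value report
# layout used on this page into a validated IOC record. REPORT_TEXT is a constructed
# excerpt that reproduces the page's own values.
import re
from dataclasses import dataclass, field
from typing import Optional

REPORT_TEXT = """General
-
Target
9ab03a0ccc538f631b3a2a48635996be8f5e58bc1b0762516876c424951d2c28N
-
MD5
0d598f0ada1c5c61d3da4ebe69483520
-
SHA1
a8e00285f1bb464e5bad0f1289f708d366864c40
-
SHA256
9ab03a0ccc538f631b3a2a48635996be8f5e58bc1b0762516876c424951d2c28
-
SHA512
44723e8ca7fd9f09c241aeb2215efad5fb4a0ef2759adca06375cba89161479c8ee8806d5957d95d8f45b9c8cb6094db4ef9e66ada06980a6eae8ec7ae0c13d4
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Malware Config
Targets
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
GENERAL_KEYS = {"Target", "Size", "Sample", "SSDEEP", *HASH_LEN}
SECTIONS = {"General", "Behavioral task", "Malware Config"}
SCORE_RE = re.compile(r"Score\s*(\d+)/(\d+)")  # the page fuses this as "Score10/10-"

@dataclass
class IocRecord:
    general: dict = field(default_factory=dict)
    score: Optional[tuple] = None
    signatures: list = field(default_factory=list)  # [name, description or None]

    def families(self) -> list:
        # The first item after the score is the family line, e.g. "ModiLoader, DBatLoader".
        return self.signatures[0][0].split(", ") if self.signatures else []

def parse_report(text: str) -> IocRecord:
    rec, section, key, after_sep = IocRecord(), None, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:               # section header: reset key state
            section, key = line, None
            continue
        if line == "-":                    # list separator: the next line starts a new item
            key, after_sep = None, True
            continue
        if section == "General":
            if key is None:                # only known keys are accepted; stray text is skipped
                key = line if line in GENERAL_KEYS else None
            else:
                rec.general[key], key = line, None
        elif section == "Malware Config":  # "Behavioral task" lines are not IOCs and are ignored
            m = SCORE_RE.match(line)
            if m:
                rec.score = (int(m[1]), int(m[2]))
                after_sep = True           # the family line follows the score directly
                continue
            if rec.score is None:          # the repeated hash block before the score
                continue
            if after_sep:
                rec.signatures.append([line, None])
            elif rec.signatures:
                rec.signatures[-1][1] = line  # description line for the previous name
        after_sep = False
    validate(rec)
    return rec

def validate(rec: IocRecord) -> None:
    g = rec.general
    for name, n in HASH_LEN.items():       # reject truncated or garbled digests
        if not re.fullmatch(rf"[0-9a-f]{{{n}}}", g.get(name, "")):
            raise ValueError(f"{name} must be {n} lowercase hex chars")
    if not g.get("Target", "").startswith(g["SHA256"]):
        raise ValueError("Target name does not embed the SHA256")
    bs, *chunks = g.get("SSDEEP", "").split(":")
    if not bs.isdigit() or int(bs) <= 0 or len(chunks) != 2:
        raise ValueError("malformed SSDEEP, expected blocksize:h1:h2")
```

The validation step matters when these pages are scraped in bulk: a digest cut short by extraction would otherwise be loaded into a blocklist as a value that can never match. `parse_report` raises `ValueError` on such input instead of returning a partial record.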
Behavioral task
behavioral1
Sample
9ab03a0ccc538f631b3a2a48635996be8f5e58bc1b0762516876c424951d2c28N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
9ab03a0ccc538f631b3a2a48635996be8f5e58bc1b0762516876c424951d2c28N.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
Target
9ab03a0ccc538f631b3a2a48635996be8f5e58bc1b0762516876c424951d2c28N
Score 10/10
-
ModiLoader, DBatLoader
ModiLoader (also tracked as DBatLoader) is a Delphi-written loader that abuses legitimate cloud services to download and run follow-on malware families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up the country code configured in the registry, most likely as a geofence so that the payload only runs (or refuses to run) in selected regions.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
Rewriting a thread's register context is characteristic of process hollowing and related injection techniques, in which a suspended process is redirected to attacker-supplied code.
-
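Three of the signatures above ("Executes dropped EXE", "Loads dropped DLL", "Adds Run key to start application") map directly onto host telemetry. The following is an added example, not taken from the report or from the sample, showing that logic over Sysmon-style events (EventID 11 file create, 1 process create, 7 image load, 13 registry value set). EVENTS is constructed telemetry: the paths, SID and Run value name are hypothetical and say nothing about what this sample actually wrote.

```python
# Added example, not part of the sandbox report: detection logic for three of the
# behavioural signatures above over Sysmon-style events (EventID 1 process create,
# 7 image load, 11 file create, 13 registry value set). EVENTS is constructed
# telemetry; the paths, SID and Run value name are hypothetical.
import re
from collections import defaultdict

RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
USER_WRITABLE_RE = re.compile(
    r"^[a-z]:\\(Users\\[^\\]+\\(AppData|Downloads|Desktop|Documents)\\"
    r"|Users\\Public\\|ProgramData\\|Windows\\Temp\\)", re.I)
PE_EXT = (".exe", ".dll", ".scr", ".pif")

EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\alice\Downloads\invoice.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "Image": r"C:\Users\alice\Downloads\invoice.exe",
     "TargetFilename": r"C:\Users\Public\Libraries\Hnmgktuj.exe"},
    {"EventID": 11, "Image": r"C:\Users\alice\Downloads\invoice.exe",
     "TargetFilename": r"C:\Users\Public\Libraries\helper.dll"},
    {"EventID": 1, "Image": r"C:\Users\Public\Libraries\Hnmgktuj.exe",
     "ParentImage": r"C:\Users\alice\Downloads\invoice.exe"},
    {"EventID": 7, "Image": r"C:\Users\Public\Libraries\Hnmgktuj.exe",
     "ImageLoaded": r"C:\Users\Public\Libraries\helper.dll"},
    {"EventID": 13, "Image": r"C:\Users\Public\Libraries\Hnmgktuj.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Hnmgktuj",
     "Details": r"C:\Users\Public\Libraries\Hnmgktuj.exe"},
    # Benign noise: an installer writing to Program Files and registering it under HKLM.
    {"EventID": 11, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetFilename": r"C:\Program Files\Vendor\app.exe"},
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorApp",
     "Details": r'"C:\Program Files\Vendor\app.exe" /background'},
]

def value_path(details: str) -> str:
    """Extract the executable path from a Run value, which may be quoted and carry arguments."""
    m = re.match(r'\s*"?([^"]+?\.(?:exe|dll|scr|pif))', details, re.I)
    return (m.group(1) if m else details).lower()

def detect(events):
    """Return {signature name: [evidence tuples]} for the dropped-file and Run-key behaviours."""
    findings = defaultdict(list)
    dropped = {}  # lower-cased path of a PE written to a user-writable location -> writer image
    for ev in events:
        eid = ev["EventID"]
        if eid == 11:
            path = ev["TargetFilename"]
            if path.lower().endswith(PE_EXT) and USER_WRITABLE_RE.match(path):
                dropped[path.lower()] = ev["Image"]
        elif eid == 1 and ev["Image"].lower() in dropped:
            findings["Executes dropped EXE"].append((dropped[ev["Image"].lower()], ev["Image"]))
        elif eid == 7 and ev["ImageLoaded"].lower() in dropped:
            findings["Loads dropped DLL"].append((ev["Image"], ev["ImageLoaded"]))
        elif eid == 13 and RUN_KEY_RE.search(ev["TargetObject"]):
            target = value_path(ev["Details"])
            if target in dropped:
                reason = "points at a dropped file"
            elif USER_WRITABLE_RE.match(target):
                reason = "points into a user-writable path"
            else:
                continue  # e.g. an installer registering a Program Files binary
            findings["Adds Run key to start application"].append((ev["TargetObject"], ev["Details"], reason))
    return dict(findings)
```

The dropped-file rule only counts PE files written to user-writable locations, so the Program Files installer in the noise records is not flagged even though it also sets a Run value. Legitimate per-user software that lives in AppData (updaters, chat clients) will still hit the user-writable Run-key rule and needs an allow-list in production; the Run value is parsed as a possibly quoted path with arguments before it is matched, so quoting alone does not evade the check. Event order matters: a file must be seen written before its execution or load counts as "dropped".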