General
-
Target
3d034062a0b2435f443205cc097fbb4efe2eacdab99cff1c58bd37e290ab0f52
-
Size
326KB
-
Sample
240919-yp33xaxele
-
MD5
cf3a0d67f25013b752a7689cd3c8960c
-
SHA1
b7a028c8352fdbce436711d66000f8394b7d7482
-
SHA256
3d034062a0b2435f443205cc097fbb4efe2eacdab99cff1c58bd37e290ab0f52
-
SHA512
e6412ec47d678612450f9108f00a2d04ecdc5c53bb7ffd266a5232f7806a341ed5d2939853005990ed7fbf1ee9116f09aeaf56ea7e0a55639a96bd2e5cac5f49
-
SSDEEP
3072:h0e2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38XV:h0sxD5cwohO+O1sVG0/pZ6iPC8
Malware Config
Targets
-
-
Target
3d034062a0b2435f443205cc097fbb4efe2eacdab99cff1c58bd37e290ab0f52
-
Size
326KB
-
MD5
cf3a0d67f25013b752a7689cd3c8960c
-
SHA1
b7a028c8352fdbce436711d66000f8394b7d7482
-
SHA256
3d034062a0b2435f443205cc097fbb4efe2eacdab99cff1c58bd37e290ab0f52
-
SHA512
e6412ec47d678612450f9108f00a2d04ecdc5c53bb7ffd266a5232f7806a341ed5d2939853005990ed7fbf1ee9116f09aeaf56ea7e0a55639a96bd2e5cac5f49
-
SSDEEP
3072:h0e2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38XV:h0sxD5cwohO+O1sVG0/pZ6iPC8
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-