General
-
Target
47e38cf2b416787b39ef009b5ce401c60ec6da7bb2289a397065898bf8c0f55bN.exe
-
Size
130KB
-
Sample
240925-t283gavhjr
-
MD5
881d6c7b2782b23e76b64b901a0cc580
-
SHA1
6d5acfad905473a68d294cb2901c1794a001da13
-
SHA256
47e38cf2b416787b39ef009b5ce401c60ec6da7bb2289a397065898bf8c0f55b
-
SHA512
059e06a04eace1ecee35e87f312d23971c61103b67617713a070d6d1060127573b8aa1b1933b3026bd40d127fefe0c5c14a20001652d691e7c8133eebb4fd939
-
SSDEEP
1536:eH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5UROXTmX:SKQJcinxphkG5Q6GdpIOkJHhKRyOXK
Malware Config
Targets
-
-
Target
47e38cf2b416787b39ef009b5ce401c60ec6da7bb2289a397065898bf8c0f55bN.exe
-
Size
130KB
-
MD5
881d6c7b2782b23e76b64b901a0cc580
-
SHA1
6d5acfad905473a68d294cb2901c1794a001da13
-
SHA256
47e38cf2b416787b39ef009b5ce401c60ec6da7bb2289a397065898bf8c0f55b
-
SHA512
059e06a04eace1ecee35e87f312d23971c61103b67617713a070d6d1060127573b8aa1b1933b3026bd40d127fefe0c5c14a20001652d691e7c8133eebb4fd939
-
SSDEEP
1536:eH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5UROXTmX:SKQJcinxphkG5Q6GdpIOkJHhKRyOXK
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-