General
-
Target
0fafb7eb911f87a25e9e165fd7464cd590998d92350dad6d19ca436214280449N.exe
-
Size
90KB
-
Sample
240930-dyd5xszejd
-
MD5
15a90ac37d8bfa0d376a692da5462160
-
SHA1
9d583a2934a9a4ff0dc4c7c86dbf556c424dfbbf
-
SHA256
0fafb7eb911f87a25e9e165fd7464cd590998d92350dad6d19ca436214280449
-
SHA512
5ceec4393b9c8170eb7b154241de3780b71ea504a48eb1c294cd6485cd2d3f617fc68fcd8cdab5460ee35d57c5f4c839524943fa0c4b81c56a464c246d897c4b
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Malware Config
Targets
-
-
Target
0fafb7eb911f87a25e9e165fd7464cd590998d92350dad6d19ca436214280449N.exe
-
Size
90KB
-
MD5
15a90ac37d8bfa0d376a692da5462160
-
SHA1
9d583a2934a9a4ff0dc4c7c86dbf556c424dfbbf
-
SHA256
0fafb7eb911f87a25e9e165fd7464cd590998d92350dad6d19ca436214280449
-
SHA512
5ceec4393b9c8170eb7b154241de3780b71ea504a48eb1c294cd6485cd2d3f617fc68fcd8cdab5460ee35d57c5f4c839524943fa0c4b81c56a464c246d897c4b
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-