General
-
Target
1ca88cf821aa16865bf354c9e3ba23e239ef529dcf879c97098b031fc2f34dbbN
-
Size
130KB
-
Sample
241001-k3cwzs1eqj
-
MD5
7aa9e512c692be61cfe9fe993d513190
-
SHA1
829a54d17074edf5b60f9a0220c9cfd59f551118
-
SHA256
1ca88cf821aa16865bf354c9e3ba23e239ef529dcf879c97098b031fc2f34dbb
-
SHA512
c36414ba7cf7c746432cf32bee3b013b9db001ed59b94ae76432e26e5c74d73a7a254e57314272b85124754e80a5e7fed92f524735395cc8856e6fbc5b54572a
-
SSDEEP
1536:eH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5UROXTmZ3:SKQJcinxphkG5Q6GdpIOkJHhKRyOXKR
Malware Config
Targets
-
-
Target
1ca88cf821aa16865bf354c9e3ba23e239ef529dcf879c97098b031fc2f34dbbN
-
Size
130KB
-
MD5
7aa9e512c692be61cfe9fe993d513190
-
SHA1
829a54d17074edf5b60f9a0220c9cfd59f551118
-
SHA256
1ca88cf821aa16865bf354c9e3ba23e239ef529dcf879c97098b031fc2f34dbb
-
SHA512
c36414ba7cf7c746432cf32bee3b013b9db001ed59b94ae76432e26e5c74d73a7a254e57314272b85124754e80a5e7fed92f524735395cc8856e6fbc5b54572a
-
SSDEEP
1536:eH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5UROXTmZ3:SKQJcinxphkG5Q6GdpIOkJHhKRyOXKR
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-