General
-
Target
b6ecef3349d6bacadb508002dcd7928bfe5ac6475f34ac19e035e99d6c1b6959N
-
Size
90KB
-
Sample
241104-smslha1hqd
-
MD5
6d32f261bad60e45ef3a70fe5bb12930
-
SHA1
95e24b0721bc62296ec9ead677f060770051111e
-
SHA256
b6ecef3349d6bacadb508002dcd7928bfe5ac6475f34ac19e035e99d6c1b6959
-
SHA512
eca2fefc661f27988c90d14e13e4de84121d4567b62cdef2ceaacbb9b7c690cf63a7c047986fcda816b115f23622b1c2425e8f37b4f4f3359502d2227aa46c20
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Malware Config
Targets
-
-
Target
b6ecef3349d6bacadb508002dcd7928bfe5ac6475f34ac19e035e99d6c1b6959N
-
Size
90KB
-
MD5
6d32f261bad60e45ef3a70fe5bb12930
-
SHA1
95e24b0721bc62296ec9ead677f060770051111e
-
SHA256
b6ecef3349d6bacadb508002dcd7928bfe5ac6475f34ac19e035e99d6c1b6959
-
SHA512
eca2fefc661f27988c90d14e13e4de84121d4567b62cdef2ceaacbb9b7c690cf63a7c047986fcda816b115f23622b1c2425e8f37b4f4f3359502d2227aa46c20
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-