General
-
Target
6a757ee69aea09fa025ae7416c6211b68a92154450a852b07af7b851cca0c0e9N
-
Size
90KB
-
Sample
241109-fwpvrayckb
-
MD5
9ac530a7f82e3437234c1895fad99190
-
SHA1
c01f56b0ca3fceaba4a94938ada318d070420bb2
-
SHA256
6a757ee69aea09fa025ae7416c6211b68a92154450a852b07af7b851cca0c0e9
-
SHA512
48be79d549b7f4d0bf2790d09e578f2b237b5728b33181f70426b76981bd156647ae189a26af38ac1cabaec2e4f919acbf2ce69b7a4b5924005b609e28641925
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Malware Config
Targets
-
-
Target
6a757ee69aea09fa025ae7416c6211b68a92154450a852b07af7b851cca0c0e9N
-
Size
90KB
-
MD5
9ac530a7f82e3437234c1895fad99190
-
SHA1
c01f56b0ca3fceaba4a94938ada318d070420bb2
-
SHA256
6a757ee69aea09fa025ae7416c6211b68a92154450a852b07af7b851cca0c0e9
-
SHA512
48be79d549b7f4d0bf2790d09e578f2b237b5728b33181f70426b76981bd156647ae189a26af38ac1cabaec2e4f919acbf2ce69b7a4b5924005b609e28641925
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-