General
-
Target
2f11227a1a64683eb717b9726bdbd49a964a557ca20d1d6476098cb0643ef673
-
Size
90KB
-
Sample
241111-zpr63swekl
-
MD5
dc0a88fa650a1a49d3f7218b2371d9d7
-
SHA1
932d13ffc72fcd747a9787762745a10b1fb3c9e5
-
SHA256
2f11227a1a64683eb717b9726bdbd49a964a557ca20d1d6476098cb0643ef673
-
SHA512
7b4a07f088e7c8960990baab64114c4ef55dca40b865d7f2f021d394ae76c81bfa8e82cb9459834bbe7250b4fb74ec4db9a3fe8cfe571746d9447af9aa53dbfc
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Malware Config
Targets
-
-
Target
2f11227a1a64683eb717b9726bdbd49a964a557ca20d1d6476098cb0643ef673
-
Size
90KB
-
MD5
dc0a88fa650a1a49d3f7218b2371d9d7
-
SHA1
932d13ffc72fcd747a9787762745a10b1fb3c9e5
-
SHA256
2f11227a1a64683eb717b9726bdbd49a964a557ca20d1d6476098cb0643ef673
-
SHA512
7b4a07f088e7c8960990baab64114c4ef55dca40b865d7f2f021d394ae76c81bfa8e82cb9459834bbe7250b4fb74ec4db9a3fe8cfe571746d9447af9aa53dbfc
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-