General
-
Target
a083b734ccec25830f50e811b259757d4f7bca988532e4692844e5c52dd423b6.exe
-
Size
112KB
-
Sample
241113-hdqenswnfs
-
MD5
dfbbd746d85a4a0e49b2080b0086a13a
-
SHA1
0af9f2ccda1422d64c7f7089eda5caaf4acbc8ca
-
SHA256
a083b734ccec25830f50e811b259757d4f7bca988532e4692844e5c52dd423b6
-
SHA512
7eafba786e452ca42437b0a7a1b9ef47807842b32c945eb2b1c96c24834e0c7608d44b5c9d8967282e1a7cb39ab02194f48d863c5b391369317642623db78e92
-
SSDEEP
1536:t2ovIa47CqIf2f3w41p7sDcX7juR/JSJw8EeNshUDGXJp:tVIr7zI+fAceoGxSKKo5p
Malware Config
Targets
-
-
Target
a083b734ccec25830f50e811b259757d4f7bca988532e4692844e5c52dd423b6.exe
-
Size
112KB
-
MD5
dfbbd746d85a4a0e49b2080b0086a13a
-
SHA1
0af9f2ccda1422d64c7f7089eda5caaf4acbc8ca
-
SHA256
a083b734ccec25830f50e811b259757d4f7bca988532e4692844e5c52dd423b6
-
SHA512
7eafba786e452ca42437b0a7a1b9ef47807842b32c945eb2b1c96c24834e0c7608d44b5c9d8967282e1a7cb39ab02194f48d863c5b391369317642623db78e92
-
SSDEEP
1536:t2ovIa47CqIf2f3w41p7sDcX7juR/JSJw8EeNshUDGXJp:tVIr7zI+fAceoGxSKKo5p
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-