General
-
Target
27773436ae21fa741d1074b436a0a5e9c1bc02dea8631bfa0d4b4309b8c7395a
-
Size
338KB
-
Sample
241117-1jhwwsyfmh
-
MD5
eb18ceac3a0219676a85cc033f80e220
-
SHA1
4721aed75bb0749dce05b7ec0b99f58e7d28c899
-
SHA256
27773436ae21fa741d1074b436a0a5e9c1bc02dea8631bfa0d4b4309b8c7395a
-
SHA512
da5e8cbab1440b9c288265fd442dbb7df7f7114d576f8260b90aaea9091d95e36ac20f5dc84cb28acbccea9fb4dc4d599e502fa21595998fed7687adefa344e5
-
SSDEEP
3072:uc3sBG7mXh7m/zZM3jAbNOM6CNtDCZFc/:/3sBz0Z4Mj72F
Malware Config
Targets
-
-
Target
27773436ae21fa741d1074b436a0a5e9c1bc02dea8631bfa0d4b4309b8c7395a
-
Size
338KB
-
MD5
eb18ceac3a0219676a85cc033f80e220
-
SHA1
4721aed75bb0749dce05b7ec0b99f58e7d28c899
-
SHA256
27773436ae21fa741d1074b436a0a5e9c1bc02dea8631bfa0d4b4309b8c7395a
-
SHA512
da5e8cbab1440b9c288265fd442dbb7df7f7114d576f8260b90aaea9091d95e36ac20f5dc84cb28acbccea9fb4dc4d599e502fa21595998fed7687adefa344e5
-
SSDEEP
3072:uc3sBG7mXh7m/zZM3jAbNOM6CNtDCZFc/:/3sBz0Z4Mj72F
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-