General
Target: aea9f35b7e1956997086383050a6a5950dacddbfd34461050d22bd284a1692a2N.exe
Size: 130KB
Sample: 241117-azbjmsxdld
MD5: 4d15f6c0d9ecf6ab72c378747b5509f0
SHA1: 93b7109cd081a2d73a336ac4359ff4a97c997a38
SHA256: aea9f35b7e1956997086383050a6a5950dacddbfd34461050d22bd284a1692a2
SHA512: e257cd61eefef4ebd7966401c6c97050e7d28c47fea381d2492dd1a67ce50ea60799304d22037ec9dee7dafdafedd5d477a6e4c431907956c6b6d4df2b9dab4b
SSDEEP: 1536:eH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5UROXTmZu:SKQJcinxphkG5Q6GdpIOkJHhKRyOXKo
Behavioral task: behavioral1
Sample: aea9f35b7e1956997086383050a6a5950dacddbfd34461050d22bd284a1692a2N.exe
Resource: win7-20241023-en
Behavioral task: behavioral2
Sample: aea9f35b7e1956997086383050a6a5950dacddbfd34461050d22bd284a1692a2N.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: aea9f35b7e1956997086383050a6a5950dacddbfd34461050d22bd284a1692a2N.exe (130KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Modiloader family
- ModiLoader Second Stage
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext