General
Target: 36a7481c5f7e8112829a9333e3c257b6f84bedb103fb96eb9cd5166bd6f6d0afN.exe
Size: 338KB
Sample: 241117-v442zavemp
MD5: f391e26274dc781ed0da826493ecb750
SHA1: ad8e59105f9737c5e7c241e0ea322fe2b09eca04
SHA256: 36a7481c5f7e8112829a9333e3c257b6f84bedb103fb96eb9cd5166bd6f6d0af
SHA512: 957a952ce39e501f214c2837d70d8f1607f517a84364bd73819d21381c826a9d336f44f187269f43f086ea479fb6c18eb297e7c62646895b55a0ef076d62e6d3
SSDEEP: 3072:bc3sBG7mXh7m/zZM3jAbNOM6CNtDCZFc/:w3sBz0Z4Mj72F
Behavioral task: behavioral1
Sample: 36a7481c5f7e8112829a9333e3c257b6f84bedb103fb96eb9cd5166bd6f6d0afN.exe
Resource: win7-20241010-en

Behavioral task: behavioral2
Sample: 36a7481c5f7e8112829a9333e3c257b6f84bedb103fb96eb9cd5166bd6f6d0afN.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 36a7481c5f7e8112829a9333e3c257b6f84bedb103fb96eb9cd5166bd6f6d0afN.exe
Score: 10/10

Signatures
ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
Modiloader family
ModiLoader Second Stage
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext