General
-
Target
7d6582ef61ecee86fedf67b2e9c020cf55761952bb2d58b42848f7741731de9f.exe
-
Size
130KB
-
Sample
241118-f7vkdayrex
-
MD5
eca2a4d6bc0b020c47adafce6c4956c6
-
SHA1
6814cd714cd9d42af3cd55f7a52b5881e261f3e1
-
SHA256
7d6582ef61ecee86fedf67b2e9c020cf55761952bb2d58b42848f7741731de9f
-
SHA512
7606227e15153d10bdd69f402659d47c0f350ea7e8a17040c5e45acc0d2b5960117116764f61c19515273f5706e3e9c19289fe5af329e09a919004a622476aaa
-
SSDEEP
1536:eH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5UROXTmZu:SKQJcinxphkG5Q6GdpIOkJHhKRyOXKo
Malware Config
Targets
-
-
Target
7d6582ef61ecee86fedf67b2e9c020cf55761952bb2d58b42848f7741731de9f.exe
-
Size
130KB
-
MD5
eca2a4d6bc0b020c47adafce6c4956c6
-
SHA1
6814cd714cd9d42af3cd55f7a52b5881e261f3e1
-
SHA256
7d6582ef61ecee86fedf67b2e9c020cf55761952bb2d58b42848f7741731de9f
-
SHA512
7606227e15153d10bdd69f402659d47c0f350ea7e8a17040c5e45acc0d2b5960117116764f61c19515273f5706e3e9c19289fe5af329e09a919004a622476aaa
-
SSDEEP
1536:eH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5UROXTmZu:SKQJcinxphkG5Q6GdpIOkJHhKRyOXKo
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-