General
-
Target
c61bd926d17a408a738b79ed3761ac6dddc35fa5f50794a7a59e2eaaf8dc4b11.exe
-
Size
338KB
-
Sample
241119-pfrh3s1jgq
-
MD5
563dc5975e261789895fed97482b43ab
-
SHA1
733c8ebc3b82a42ec9b5184ec70cc877760cfecb
-
SHA256
c61bd926d17a408a738b79ed3761ac6dddc35fa5f50794a7a59e2eaaf8dc4b11
-
SHA512
05a59f4493856263afb09694b371bc38b12130acb15e57a44103a4d4d34c7ef00fb5f50010504ca48b0d5a29468696560f0446e85c5bc16ea0049d27020561a4
-
SSDEEP
3072:bc3sBG7mXh7m/zZM3jAbNOM6CNtDCZFc/H:w3sBz0Z4Mj72Fg
Behavioral task
behavioral1
Sample
c61bd926d17a408a738b79ed3761ac6dddc35fa5f50794a7a59e2eaaf8dc4b11.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
c61bd926d17a408a738b79ed3761ac6dddc35fa5f50794a7a59e2eaaf8dc4b11.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
c61bd926d17a408a738b79ed3761ac6dddc35fa5f50794a7a59e2eaaf8dc4b11.exe
-
Size
338KB
-
MD5
563dc5975e261789895fed97482b43ab
-
SHA1
733c8ebc3b82a42ec9b5184ec70cc877760cfecb
-
SHA256
c61bd926d17a408a738b79ed3761ac6dddc35fa5f50794a7a59e2eaaf8dc4b11
-
SHA512
05a59f4493856263afb09694b371bc38b12130acb15e57a44103a4d4d34c7ef00fb5f50010504ca48b0d5a29468696560f0446e85c5bc16ea0049d27020561a4
-
SSDEEP
3072:bc3sBG7mXh7m/zZM3jAbNOM6CNtDCZFc/H:w3sBz0Z4Mj72Fg
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-