General
-
Target
2a342057cf1354d0985a3f291aec368cf73db4906dbc4563827be7166d3556ffN.exe
-
Size
116KB
-
Sample
241125-l4azfsxnam
-
MD5
89056d7a471d58d1d22a707964b3e0c0
-
SHA1
046a3c6b1f0d3d6a5b3a804906b87bffe0e70204
-
SHA256
2a342057cf1354d0985a3f291aec368cf73db4906dbc4563827be7166d3556ff
-
SHA512
1daffaeaa658e5d92e61c3ecd9c872f6e14f5e787a23cfab381609e79396ff9500e748043fec6395622feb94e2260303064c2bf1780296d0a6ca3671f582b998
-
SSDEEP
1536:JOH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5PxVz:JCKQJcinxphkG5Q6GdpIOkJHhKRfz
Malware Config
Targets
-
-
Target
2a342057cf1354d0985a3f291aec368cf73db4906dbc4563827be7166d3556ffN.exe
-
Size
116KB
-
MD5
89056d7a471d58d1d22a707964b3e0c0
-
SHA1
046a3c6b1f0d3d6a5b3a804906b87bffe0e70204
-
SHA256
2a342057cf1354d0985a3f291aec368cf73db4906dbc4563827be7166d3556ff
-
SHA512
1daffaeaa658e5d92e61c3ecd9c872f6e14f5e787a23cfab381609e79396ff9500e748043fec6395622feb94e2260303064c2bf1780296d0a6ca3671f582b998
-
SSDEEP
1536:JOH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5PxVz:JCKQJcinxphkG5Q6GdpIOkJHhKRfz
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-