General
- Target: 0528d5e6194956211c63bba8d00f6f971044c1153e7ea04da43678ca2ed61939
- Size: 90KB
- Sample: 241125-xyek8s1qfz
- MD5: 733c3b62386dc1dbfb12397016b212d7
- SHA1: 0a5b22875680eee72ee3fadea18508db6209c5f4
- SHA256: 0528d5e6194956211c63bba8d00f6f971044c1153e7ea04da43678ca2ed61939
- SHA512: c9cf494739974af15960fae840220bc5e259a7f71cdfade692208a7f52ecb116c4ba7ab8f0b0c7ef960b4f8c3db9020804bf239f765c0d98c2b6448d13eb9373
- SSDEEP: 1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Behavioral task: behavioral1
- Sample: 0528d5e6194956211c63bba8d00f6f971044c1153e7ea04da43678ca2ed61939.exe
- Resource: win7-20240903-en

Behavioral task: behavioral2
- Sample: 0528d5e6194956211c63bba8d00f6f971044c1153e7ea04da43678ca2ed61939.exe
- Resource: win10v2004-20241007-en
Malware Config

Targets
- Target: 0528d5e6194956211c63bba8d00f6f971044c1153e7ea04da43678ca2ed61939
- Size: 90KB
- MD5: 733c3b62386dc1dbfb12397016b212d7
- SHA1: 0a5b22875680eee72ee3fadea18508db6209c5f4
- SHA256: 0528d5e6194956211c63bba8d00f6f971044c1153e7ea04da43678ca2ed61939
- SHA512: c9cf494739974af15960fae840220bc5e259a7f71cdfade692208a7f52ecb116c4ba7ab8f0b0c7ef960b4f8c3db9020804bf239f765c0d98c2b6448d13eb9373
- SSDEEP: 1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Score: 10/10

Signatures
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Modiloader family
- ModiLoader Second Stage
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext