General
-
Target
798b75d7cb2f49cdc10d62bd8ce6aa57f5fba75c9deddd752929b2c82269d450.exe
-
Size
112KB
-
Sample
241126-bwle4stlgl
-
MD5
d8cab5a9969dd3032845db5b5b5bee85
-
SHA1
073f2c3483dca996bca912642b83e17f96ab351a
-
SHA256
798b75d7cb2f49cdc10d62bd8ce6aa57f5fba75c9deddd752929b2c82269d450
-
SHA512
1ef57300ad57b167d9194e16b80d2da4636f2bd01669e329245170cc9c2aa11de8addeefb975cf5613474b6a7602fe764ad33e7b1ff3312e9601c417485fc6e8
-
SSDEEP
1536:t2ovIa47CqIf2f3w41p7sDcX7juR/JSJw8EeNshUDGXJS:tVIr7zI+fAceoGxSKKo5S
Malware Config
Targets
-
-
Target
798b75d7cb2f49cdc10d62bd8ce6aa57f5fba75c9deddd752929b2c82269d450.exe
-
Size
112KB
-
MD5
d8cab5a9969dd3032845db5b5b5bee85
-
SHA1
073f2c3483dca996bca912642b83e17f96ab351a
-
SHA256
798b75d7cb2f49cdc10d62bd8ce6aa57f5fba75c9deddd752929b2c82269d450
-
SHA512
1ef57300ad57b167d9194e16b80d2da4636f2bd01669e329245170cc9c2aa11de8addeefb975cf5613474b6a7602fe764ad33e7b1ff3312e9601c417485fc6e8
-
SSDEEP
1536:t2ovIa47CqIf2f3w41p7sDcX7juR/JSJw8EeNshUDGXJS:tVIr7zI+fAceoGxSKKo5S
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-