General

Target: 31764fea7d7bae84d9557a1a689cc6afe0ec81c8820ff2a18a4b91820a8d4ac6N.exe
Size: 90KB
Sample: 241126-szwtpaxkh1
MD5: a96973e28ab2f28267f36ae74185f990
SHA1: 2538578e516ba26336a224b9ac2a94e9d3a74d3b
SHA256: 31764fea7d7bae84d9557a1a689cc6afe0ec81c8820ff2a18a4b91820a8d4ac6
SHA512: 345619dbd7aa5dfebc53ba92572c304188a6d217d0f89bb0f1ebe2851c702666e2e27e001cd259665865d13216090ef7b4e80872c17fa6d346e3c4e8f8312d36
SSDEEP: 1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oD3:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3h
Behavioral tasks

behavioral1
  Sample: 31764fea7d7bae84d9557a1a689cc6afe0ec81c8820ff2a18a4b91820a8d4ac6N.exe
  Resource: win7-20241010-en

behavioral2
  Sample: 31764fea7d7bae84d9557a1a689cc6afe0ec81c8820ff2a18a4b91820a8d4ac6N.exe
  Resource: win10v2004-20241007-en
Malware Config

Targets

Target: 31764fea7d7bae84d9557a1a689cc6afe0ec81c8820ff2a18a4b91820a8d4ac6N.exe
Size: 90KB
Score: 10/10

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

- Modiloader family
- ModiLoader Second Stage
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext