General
-
Target
f2f03d92ea96d17194064f41319ca2aac64f8b9633a508435f9c236fb3674b82.exe
-
Size
90KB
-
Sample
241127-e7w8jatqbr
-
MD5
cf729c9122864f04be4fe8795e8a6e9f
-
SHA1
b04212a0235a7ec9994a13347d4918f8928dde34
-
SHA256
f2f03d92ea96d17194064f41319ca2aac64f8b9633a508435f9c236fb3674b82
-
SHA512
b9c6c5a0bd871591391c8491d05b1192bee958c677cbccafd44cac01079095f1594aedda503c3d4d314dc8ee5a14baf1e3256b2562857a431cfd24bcf1b08107
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oD3:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3h
Malware Config
Targets
-
-
Target
f2f03d92ea96d17194064f41319ca2aac64f8b9633a508435f9c236fb3674b82.exe
-
Size
90KB
-
MD5
cf729c9122864f04be4fe8795e8a6e9f
-
SHA1
b04212a0235a7ec9994a13347d4918f8928dde34
-
SHA256
f2f03d92ea96d17194064f41319ca2aac64f8b9633a508435f9c236fb3674b82
-
SHA512
b9c6c5a0bd871591391c8491d05b1192bee958c677cbccafd44cac01079095f1594aedda503c3d4d314dc8ee5a14baf1e3256b2562857a431cfd24bcf1b08107
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oD3:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3h
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-