General
-
Target
79eb97c9f311255af04954c6a59f87ee6cd065a66c6c9e8ddfb09afe052e6972
-
Size
90KB
-
Sample
241129-aqtc4a1rgm
-
MD5
577c72e9f9ad2c78ff0121612af50ffc
-
SHA1
fc2d2632700a950ffa1273da7b3823d87507438b
-
SHA256
79eb97c9f311255af04954c6a59f87ee6cd065a66c6c9e8ddfb09afe052e6972
-
SHA512
2406fbad94992373c985082e32c67c932ec59dda491a67cbc55bca075683131a9482623266ac3ae8e8142e1529b89f8dec8b793de2de6622c64005e97acd5aaf
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDj:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3p
Malware Config
Targets
-
-
Target
79eb97c9f311255af04954c6a59f87ee6cd065a66c6c9e8ddfb09afe052e6972
-
Size
90KB
-
MD5
577c72e9f9ad2c78ff0121612af50ffc
-
SHA1
fc2d2632700a950ffa1273da7b3823d87507438b
-
SHA256
79eb97c9f311255af04954c6a59f87ee6cd065a66c6c9e8ddfb09afe052e6972
-
SHA512
2406fbad94992373c985082e32c67c932ec59dda491a67cbc55bca075683131a9482623266ac3ae8e8142e1529b89f8dec8b793de2de6622c64005e97acd5aaf
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDj:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3p
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-