General
-
Target
03ef07ed74458339ad7d6224746edc139c00819a36d9601242146554368ac16eN.exe
-
Size
90KB
-
Sample
241129-cz16eavrel
-
MD5
0fcd58b414f993a0e467ad9a6412c160
-
SHA1
e0e7fb5254f286cfa100084eb9da1fe6b08057fd
-
SHA256
03ef07ed74458339ad7d6224746edc139c00819a36d9601242146554368ac16e
-
SHA512
6f151f0c3d9ab43ac7b7f5416212b9ac2b782736acae7ae3d4da596d33c7cf4c76e3da4ed0c3f7b9a000426a635fd41851415f75b3d68b1d934f269cf1e33a73
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Malware Config
Targets
-
-
Target
03ef07ed74458339ad7d6224746edc139c00819a36d9601242146554368ac16eN.exe
-
Size
90KB
-
MD5
0fcd58b414f993a0e467ad9a6412c160
-
SHA1
e0e7fb5254f286cfa100084eb9da1fe6b08057fd
-
SHA256
03ef07ed74458339ad7d6224746edc139c00819a36d9601242146554368ac16e
-
SHA512
6f151f0c3d9ab43ac7b7f5416212b9ac2b782736acae7ae3d4da596d33c7cf4c76e3da4ed0c3f7b9a000426a635fd41851415f75b3d68b1d934f269cf1e33a73
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-