General
-
Target
52ee351af182d43ef7f9e0604f2972375a2a582ec1c89d24969ed84591db99baN.exe
-
Size
90KB
-
Sample
241130-bs7h6szpgq
-
MD5
d0d72ff11b7b325a1c7ed46d5e5db940
-
SHA1
7b5b6331ba64368666be13e5e1eebdcd62525669
-
SHA256
52ee351af182d43ef7f9e0604f2972375a2a582ec1c89d24969ed84591db99ba
-
SHA512
b8ea0a9ae62f9eb1b17b2c3765e547c8e93d2cd899017e372ad790680dd561c4125afc2989e5e78929e740cbe2d413caa7c3e39d8c08d22013bf31fc98eaddbb
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDO:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3o
Malware Config
Targets
-
-
Target
52ee351af182d43ef7f9e0604f2972375a2a582ec1c89d24969ed84591db99baN.exe
-
Size
90KB
-
MD5
d0d72ff11b7b325a1c7ed46d5e5db940
-
SHA1
7b5b6331ba64368666be13e5e1eebdcd62525669
-
SHA256
52ee351af182d43ef7f9e0604f2972375a2a582ec1c89d24969ed84591db99ba
-
SHA512
b8ea0a9ae62f9eb1b17b2c3765e547c8e93d2cd899017e372ad790680dd561c4125afc2989e5e78929e740cbe2d413caa7c3e39d8c08d22013bf31fc98eaddbb
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDO:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3o
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-