General
-
Target
92b09fef6a6fbde24726cdb91f0560611b116e9a0e46bf46b14badec734f9b62
-
Size
90KB
-
Sample
241202-aqyyksvlfm
-
MD5
44ca4d11268080fc1eed7ab08cbebee1
-
SHA1
a92c3b9e6456096a85c593077860142122ce9c20
-
SHA256
92b09fef6a6fbde24726cdb91f0560611b116e9a0e46bf46b14badec734f9b62
-
SHA512
439200a30b06199fcab7b2be1bb457dacbfdcdce7454790c3b61b5ab14b706eb682f4ac03d6215fbe6bfb8a7c51071aafbb6b81fb190052e1b8450e560ffc977
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Malware Config
Targets
-
-
Target
92b09fef6a6fbde24726cdb91f0560611b116e9a0e46bf46b14badec734f9b62
-
Size
90KB
-
MD5
44ca4d11268080fc1eed7ab08cbebee1
-
SHA1
a92c3b9e6456096a85c593077860142122ce9c20
-
SHA256
92b09fef6a6fbde24726cdb91f0560611b116e9a0e46bf46b14badec734f9b62
-
SHA512
439200a30b06199fcab7b2be1bb457dacbfdcdce7454790c3b61b5ab14b706eb682f4ac03d6215fbe6bfb8a7c51071aafbb6b81fb190052e1b8450e560ffc977
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-