General
-
Target
9964178bebe9759c72775046af9b712b614b9b095c2a83fe159da815a891366d.exe
-
Size
90KB
-
Sample
241203-gknzraylgq
-
MD5
71afb0014d8d22f051d401828f17df55
-
SHA1
d39455b1dae395d6ce20a3e79db346f561ced606
-
SHA256
9964178bebe9759c72775046af9b712b614b9b095c2a83fe159da815a891366d
-
SHA512
061087dfde0dbf14450a25020df7e55a3a8aa84e81c464e066fb1cfbac4282f201fad720abddcf374b1e9d41a5831bb28077b3e625970e2204a0c4bb9bae9cec
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDA:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3W
Malware Config
Targets
-
-
Target
9964178bebe9759c72775046af9b712b614b9b095c2a83fe159da815a891366d.exe
-
Size
90KB
-
MD5
71afb0014d8d22f051d401828f17df55
-
SHA1
d39455b1dae395d6ce20a3e79db346f561ced606
-
SHA256
9964178bebe9759c72775046af9b712b614b9b095c2a83fe159da815a891366d
-
SHA512
061087dfde0dbf14450a25020df7e55a3a8aa84e81c464e066fb1cfbac4282f201fad720abddcf374b1e9d41a5831bb28077b3e625970e2204a0c4bb9bae9cec
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDA:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3W
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-