General
-
Target
7097df72f1d4129292caee5848d61c737417acbcdf4a1d77bc313129dc3c74e1.exe
-
Size
326KB
-
Sample
241203-td4g3ssjhz
-
MD5
19e949b3b2269df5f99bab8ef13b98e2
-
SHA1
bf4804fb097dd65d9f754da9b196b9cc80248953
-
SHA256
7097df72f1d4129292caee5848d61c737417acbcdf4a1d77bc313129dc3c74e1
-
SHA512
2fb90076cd1d34d3d34f6c3d54af9cf700ce18cc9b3573503baac33fc87e4312d3ab9a3fe34fc22f05ab8f8382b277f08af70c2ed48df45c97489c0c477a28c2
-
SSDEEP
3072:h0e2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38XVs:h0sxD5cwohO+O1sVG0/pZ6iPC8N
Malware Config
Targets
-
-
Target
7097df72f1d4129292caee5848d61c737417acbcdf4a1d77bc313129dc3c74e1.exe
-
Size
326KB
-
MD5
19e949b3b2269df5f99bab8ef13b98e2
-
SHA1
bf4804fb097dd65d9f754da9b196b9cc80248953
-
SHA256
7097df72f1d4129292caee5848d61c737417acbcdf4a1d77bc313129dc3c74e1
-
SHA512
2fb90076cd1d34d3d34f6c3d54af9cf700ce18cc9b3573503baac33fc87e4312d3ab9a3fe34fc22f05ab8f8382b277f08af70c2ed48df45c97489c0c477a28c2
-
SSDEEP
3072:h0e2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38XVs:h0sxD5cwohO+O1sVG0/pZ6iPC8N
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-