General
-
Target
1f836787a50e405084578b2eb0be8dbdf7e87ce1689b5ebf43c71aeb9fd813c1.exe
-
Size
94KB
-
Sample
241204-a5w3jasqfz
-
MD5
490d278fe3c4e90942101a74b2cd0020
-
SHA1
1590fd87a0ff25e57f05dc1ebea3703edea197fb
-
SHA256
1f836787a50e405084578b2eb0be8dbdf7e87ce1689b5ebf43c71aeb9fd813c1
-
SHA512
a9cc92cd58784332a460fb13d389a6a255e4103ecf2b9773bb6278b75f542741fea3d179556ee9553e2e809d2572ad8ead76d3ef61a44a56dfcc798784629e04
-
SSDEEP
1536:/pdyL9GjGiwA1z0PmVggNJKbFD2BBMx1RiwmPJr3raDk5BRf13KH9m2POE/0:/pdyLALwACPmV3NYaYLiwIt3raA5BRfv
Malware Config
Targets
-
-
Target
1f836787a50e405084578b2eb0be8dbdf7e87ce1689b5ebf43c71aeb9fd813c1.exe
-
Size
94KB
-
MD5
490d278fe3c4e90942101a74b2cd0020
-
SHA1
1590fd87a0ff25e57f05dc1ebea3703edea197fb
-
SHA256
1f836787a50e405084578b2eb0be8dbdf7e87ce1689b5ebf43c71aeb9fd813c1
-
SHA512
a9cc92cd58784332a460fb13d389a6a255e4103ecf2b9773bb6278b75f542741fea3d179556ee9553e2e809d2572ad8ead76d3ef61a44a56dfcc798784629e04
-
SSDEEP
1536:/pdyL9GjGiwA1z0PmVggNJKbFD2BBMx1RiwmPJr3raDk5BRf13KH9m2POE/0:/pdyLALwACPmV3NYaYLiwIt3raA5BRfv
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-