General
-
Target
15207bda2550e8acf59c1167675e62e5663da542e63383bb2fbd251ba8df1db4N.exe
-
Size
90KB
-
Sample
241205-2fqyrs1qdk
-
MD5
f2c98997b9f245149d31d7faaba77110
-
SHA1
b527cf09d7b60a486f4f7ab5b663acc9b879f894
-
SHA256
15207bda2550e8acf59c1167675e62e5663da542e63383bb2fbd251ba8df1db4
-
SHA512
9b722452f09f4d2d3cd69b42b4974fa233b5a7bcb8066c5fefa031105af38dab5d04d89cb306dfa8a62c002bd757aef38c881735519903839973d40d00f4c968
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDx:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3H
Malware Config
Targets
-
-
Target
15207bda2550e8acf59c1167675e62e5663da542e63383bb2fbd251ba8df1db4N.exe
-
Size
90KB
-
MD5
f2c98997b9f245149d31d7faaba77110
-
SHA1
b527cf09d7b60a486f4f7ab5b663acc9b879f894
-
SHA256
15207bda2550e8acf59c1167675e62e5663da542e63383bb2fbd251ba8df1db4
-
SHA512
9b722452f09f4d2d3cd69b42b4974fa233b5a7bcb8066c5fefa031105af38dab5d04d89cb306dfa8a62c002bd757aef38c881735519903839973d40d00f4c968
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDx:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3H
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-