General
-
Target
e7ae79b4b6aea962bf1a5b99d570d6ee1dcddd1bfa167a41e0a6e6fa1a5a6d0d
-
Size
90KB
-
Sample
241205-ed42aaxmft
-
MD5
c18a027dcd18412f7f8e76ab0041fa7f
-
SHA1
b8392b6ab7023f376cd3c78e3375c46fd503e5ed
-
SHA256
e7ae79b4b6aea962bf1a5b99d570d6ee1dcddd1bfa167a41e0a6e6fa1a5a6d0d
-
SHA512
d5de51c74444ae9543584f36ba190df780f949cd35114709b44599bdb079c462b881696662faad875201b1c76cfa8e67071e60ecf3500ce6c247720d6a73f05f
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDl:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3v
Malware Config
Targets
-
-
Target
e7ae79b4b6aea962bf1a5b99d570d6ee1dcddd1bfa167a41e0a6e6fa1a5a6d0d
-
Size
90KB
-
MD5
c18a027dcd18412f7f8e76ab0041fa7f
-
SHA1
b8392b6ab7023f376cd3c78e3375c46fd503e5ed
-
SHA256
e7ae79b4b6aea962bf1a5b99d570d6ee1dcddd1bfa167a41e0a6e6fa1a5a6d0d
-
SHA512
d5de51c74444ae9543584f36ba190df780f949cd35114709b44599bdb079c462b881696662faad875201b1c76cfa8e67071e60ecf3500ce6c247720d6a73f05f
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDl:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3v
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-