General
-
Target
1d87060ade221e39cb8bf453cd8260ca51177871cd3a4877e0d0b5a32edf5a56N.exe
-
Size
90KB
-
Sample
241205-g7wccaylgq
-
MD5
a661b5cf789d66a437e9aa395ddf18a0
-
SHA1
cdf8282bb48710514a8c455215eaca4b3f29319b
-
SHA256
1d87060ade221e39cb8bf453cd8260ca51177871cd3a4877e0d0b5a32edf5a56
-
SHA512
37962493bebcbde96f3963325f3c0affdca7b5730b966e60a689703bd10137089c89677fa363f315921279b0080aba6503dc3099c1c90462925f61db17b85279
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDh:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3H
Malware Config
Targets
-
-
Target
1d87060ade221e39cb8bf453cd8260ca51177871cd3a4877e0d0b5a32edf5a56N.exe
-
Size
90KB
-
MD5
a661b5cf789d66a437e9aa395ddf18a0
-
SHA1
cdf8282bb48710514a8c455215eaca4b3f29319b
-
SHA256
1d87060ade221e39cb8bf453cd8260ca51177871cd3a4877e0d0b5a32edf5a56
-
SHA512
37962493bebcbde96f3963325f3c0affdca7b5730b966e60a689703bd10137089c89677fa363f315921279b0080aba6503dc3099c1c90462925f61db17b85279
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDh:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3H
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-