General
Target: b28e4ae754cfb5e86fac81a62847478845fabd7aae1bc3ba894bf3191c90bd9a.exe
Size: 90KB
Sample: 241205-kxetdsxmbv
MD5: 5061ecba83d8ce860b6dee96ca0b02ac
SHA1: a955caf1b307e542b264d5a15da10402883c3a44
SHA256: b28e4ae754cfb5e86fac81a62847478845fabd7aae1bc3ba894bf3191c90bd9a
SHA512: a45a6ff6b0dea8b167c4cb9b644cef1f1b94e58308980cd4f607173961b578f936bd1dfc028e02ed44ecd99cbcc6bc28a8979b6d8ae09fad01a8c9ebbeab25bd
SSDEEP: 1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDB:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3z
Behavioral task: behavioral1
Sample: b28e4ae754cfb5e86fac81a62847478845fabd7aae1bc3ba894bf3191c90bd9a.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: b28e4ae754cfb5e86fac81a62847478845fabd7aae1bc3ba894bf3191c90bd9a.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: b28e4ae754cfb5e86fac81a62847478845fabd7aae1bc3ba894bf3191c90bd9a.exe
Score: 10/10
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Modiloader family
- ModiLoader Second Stage
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext