General
-
Target
a47e64bd4b9f4249c526c0135aa9701154b55dd421d584034c2f0c2a36f140cc.exe
-
Size
90KB
-
Sample
241205-rgjkzaxqbx
-
MD5
a14bcaadde880343729bb13b85936cff
-
SHA1
8a159f6330674e1704103ec45729782457624f22
-
SHA256
a47e64bd4b9f4249c526c0135aa9701154b55dd421d584034c2f0c2a36f140cc
-
SHA512
873a5d531d5d64dbb2d9573e4d4cc4fe1d0fec74ef2d59fa7cd648fbc795c36da5e6f3445bf2c307274183dc5b327bd2a7b7f6dd4b2b545b3a342ecffe60a743
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDj:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3F
Malware Config
Targets
-
-
Target
a47e64bd4b9f4249c526c0135aa9701154b55dd421d584034c2f0c2a36f140cc.exe
-
Size
90KB
-
MD5
a14bcaadde880343729bb13b85936cff
-
SHA1
8a159f6330674e1704103ec45729782457624f22
-
SHA256
a47e64bd4b9f4249c526c0135aa9701154b55dd421d584034c2f0c2a36f140cc
-
SHA512
873a5d531d5d64dbb2d9573e4d4cc4fe1d0fec74ef2d59fa7cd648fbc795c36da5e6f3445bf2c307274183dc5b327bd2a7b7f6dd4b2b545b3a342ecffe60a743
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDj:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3F
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-